From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 249F5138947 for ; Sat, 9 Feb 2013 19:59:43 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 09AEA21C032; Sat, 9 Feb 2013 19:59:35 +0000 (UTC) Received: from mail-wg0-f51.google.com (mail-wg0-f51.google.com [74.125.82.51]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 53D8121C00D for ; Sat, 9 Feb 2013 19:59:33 +0000 (UTC) Received: by mail-wg0-f51.google.com with SMTP id 8so3838791wgl.30 for ; Sat, 09 Feb 2013 11:59:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=ymVcvNxrp7nIa+YQ70nQEO4rgFfmcwe7mcaYRfnDgQQ=; b=afvipHN9TIsQjM23DkdNO8djTr+f+6NdmHvUPLvnLWKJ/m1kGG3b5ftbO2fxK4+tP2 XbngTu8VdSBj8+Gamm5nl0/siqICoxh/r22JSrnEKqWnMni5YsdAzNf52nbzXXWtlEAD 0/ibtsWJ59u7Q/ttv3KZYjcXpr5l19r85wPlxZAGuVC9IcZ1PV8wjCXhKWfSUoOHIlUs aIh9GnFdAgxShRpI19HMI7J1AsKyDTuLo733x1c/XWRwcQUr9WdKGmYgLD23sOHpIJKy jdcl76qalww2b2ulcknklSmIUFiqlp9qgDRXc2wTqpeaZClHu5vmkQjyvLJhF9lWYB14 Ck2g== X-Received: by 10.180.90.145 with SMTP id bw17mr2408289wib.12.1360439971907; Sat, 09 Feb 2013 11:59:31 -0800 (PST) Received: from [172.20.0.41] (196-215-209-80.dynamic.isadsl.co.za. [196.215.209.80]) by mx.google.com with ESMTPS id e6sm22919996wiz.1.2013.02.09.11.59.29 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 09 Feb 2013 11:59:30 -0800 (PST) Message-ID: <5116AA5F.2050509@gmail.com> Date: Sat, 09 Feb 2013 21:58:23 +0200 From: Alan McKinnon User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130114 Thunderbird/17.0.2 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] SSH UseDNS without IPv6? References: <511693EE.1060606@binarywings.net> In-Reply-To: <511693EE.1060606@binarywings.net> Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit X-Archives-Salt: c2352412-e9ca-4a98-90c5-23c2acead79d X-Archives-Hash: 8217e2b6637702ba02a60d74f2842c38 On 09/02/2013 20:22, Florian Philipp wrote: > Hi list! > > I have an issue with SSH. It's a variation of the old "Set 'UseDNS no' > to avoid delays with faulty DNS records" theme. > > Following setup: > 1. I have a server with IPv6 compiled into the SSH daemon but no actual > IPv6 network interface. > > 2. The SSH client has no IPv6, neither compiled nor active. > > 3. The DNS server doesn't serve or support AAAA records. Apparently it > drops all such requests. All other records for IP and reverse lookup are > correct. > > Now I'm experiencing the classic, very long delay when connecting to the > server via SSH because it does DNS lookups. When I look at wireshark > dumps, I see correctly served A and reverse lookups but the server also > insists on doing AAAA requests which time out. When you say "the server also insists on doing AAAA requests" you mean the SSH server, right? > > I tried limiting the sshd "AddressFamily" to inet (aka IPv4) but this > didn't change anything. Is there another workaround or do I really have > to deactivate DNS lookups? Is the server Gentoo and do you really need IPv6 support on it? Did you consider rebuilding that host with IPv6 disabled in USE? IPv6 coexisting with IPv4 is always going to be a tricky problem, and the recommended defaults you run into all over are usually intended to force people to hurry IPv6 implementation along :-) There's always a way to change defaults, and I found this: http://askubuntu.com/questions/32298/prefer-a-ipv4-dns-lookups-before-aaaaipv6-lookups The magic file you need to edit appears to be /etc/gai.conf -- Alan McKinnon alan.mckinnon@gmail.com