On 09.02.2013 20:58, Alan McKinnon wrote:
> On 09/02/2013 20:22, Florian Philipp wrote:
>> Hi list!
>>
>> I have an issue with SSH. It's a variation of the old "Set 'UseDNS no'
>> to avoid delays with faulty DNS records" theme.
>>
>> Following setup:
>> 1. I have a server with IPv6 compiled into the SSH daemon but no actual
>> IPv6 network interface.
>>
>> 2. The SSH client has no IPv6, neither compiled nor active.
>>
>> 3. The DNS server doesn't serve or support AAAA records. Apparently it
>> drops all such requests. All other records for IP and reverse lookup are
>> correct.
>>
>> Now I'm experiencing the classic, very long delay when connecting to the
>> server via SSH because it does DNS lookups. When I look at wireshark
>> dumps, I see correctly served A and reverse lookups but the server also
>> insists on doing AAAA requests which time out.
>
> When you say "the server also insists on doing AAAA requests" you mean
> the SSH server, right?
>
>>
>> I tried limiting the sshd "AddressFamily" to inet (aka IPv4) but this
>> didn't change anything. Is there another workaround or do I really have
>> to deactivate DNS lookups?
>
> Is the server Gentoo and do you really need IPv6 support on it? Did you
> consider rebuilding that host with IPv6 disabled in USE?
>
> IPv6 coexisting with IPv4 is always going to be a tricky problem, and
> the recommended defaults you run into all over are usually intended to
> force people to hurry IPv6 implementation along :-)
>
> There's always a way to change defaults, and I found this:
>
> http://askubuntu.com/questions/32298/prefer-a-ipv4-dns-lookups-before-aaaaipv6-lookups
>
> The magic file you need to edit appears to be
>
> /etc/gai.conf
>

Okay, I fixed my issue: An intermediate DNS server was misconfigured and
recursed on queries for which it is authoritative. Now AAAA queries are
properly answered.

Regards,
Florian Philipp