Message-ID: <51178AE2.8000708@binarywings.net>
Date: Sun, 10 Feb 2013 12:56:18 +0100
From: Florian Philipp
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] SSH UseDNS without IPv6?

On 09.02.2013 20:58, Alan McKinnon wrote:
> On 09/02/2013 20:22, Florian Philipp wrote:
>> Hi list!
>>
>> I have an issue with SSH. It's a variation of the old "Set 'UseDNS no'
>> to avoid delays with faulty DNS records" theme.
>>
>> Following setup:
>> 1. I have a server with IPv6 compiled into the SSH daemon but no actual
>> IPv6 network interface.
>>
>> 2. The SSH client has no IPv6, neither compiled nor active.
>>
>> 3. The DNS server doesn't serve or support AAAA records. Apparently it
>> drops all such requests. All other records for IP and reverse lookup are
>> correct.
>>
>> Now I'm experiencing the classic, very long delay when connecting to the
>> server via SSH because it does DNS lookups. When I look at wireshark
>> dumps, I see correctly served A and reverse lookups but the server also
>> insists on doing AAAA requests which time out.
>
> When you say "the server also insists on doing AAAA requests" you mean
> the SSH server, right?
>
>>
>> I tried limiting the sshd "AddressFamily" to inet (aka IPv4) but this
>> didn't change anything. Is there another workaround or do I really have
>> to deactivate DNS lookups?
>
> Is the server Gentoo and do you really need IPv6 support on it? Did you
> consider rebuilding that host with IPv6 disabled in USE?
>
> IPv6 coexisting with IPv4 is always going to be a tricky problem, and
> the recommended defaults you run into all over are usually intended to
> force people to hurry IPv6 implementation along :-)
>
> There's always a way to change defaults, and I found this:
>
> http://askubuntu.com/questions/32298/prefer-a-ipv4-dns-lookups-before-aaaaipv6-lookups
>
> The magic file you need to edit appears to be
>
> /etc/gai.conf
>

Okay, I fixed my issue: An intermediate DNS server was misconfigured and
recursed on queries for which it is authoritative. Now AAAA queries are
properly answered.

Regards,
Florian Philipp
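
Added example, not part of the original message: a small probe that sends raw A and AAAA queries to one resolver and reports the pattern described in this thread, where A is answered and AAAA is silently dropped. The function names, the stub resolver, and the name host.example are assumptions made for illustration.

```python
import socket, struct, threading

QTYPE = {"A": 1, "AAAA": 28}

def build_query(name, qtype, txid=0x1234):
    """Minimal DNS query: RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE[qtype], 1)

def probe(server, port, name, qtype, timeout=2.0):
    """'answered' if a reply with our transaction ID arrives, else 'timeout'."""
    query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, port))
        try:
            reply, _ = s.recvfrom(512)
        except socket.timeout:
            return "timeout"
    return "answered" if reply[:2] == query[:2] else "mismatch"

def diagnose(server, port, name, timeout=2.0):
    """Probe both record types and flag the answered-A / dropped-AAAA pattern."""
    res = {t: probe(server, port, name, t, timeout) for t in QTYPE}
    res["aaaa_dropped"] = res["A"] == "answered" and res["AAAA"] == "timeout"
    return res

def start_stub(drop_qtypes=(28,)):
    """Constructed local resolver: drops listed qtypes, answers others with empty NOERROR."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    def serve():
        while True:
            data, addr = srv.recvfrom(512)
            qtype = struct.unpack("!H", data[-4:-2])[0]
            if qtype in drop_qtypes:
                continue  # silently drop, as the resolver in the thread did
            # Same ID and question; flags = QR|RD|RA, rcode 0, no answer records
            srv.sendto(data[:2] + struct.pack("!H", 0x8180) + data[4:], addr)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_stub()  # constructed resolver that drops AAAA
    print(diagnose("127.0.0.1", port, "host.example", timeout=0.5))
```

Pointing diagnose() at each resolver in the forwarding chain on port 53 shows which hop stops answering AAAA queries.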