SSH login takes very long time...sometimes

David Malone dwmalone at maths.tcd.ie
Tue Dec 27 02:16:28 PST 2005


On Sun, Dec 25, 2005 at 06:41:57PM +0200, Rostislav Krasny wrote:
> defined as 4. In a case the DNS server isn't responding the
> gethostbyname() makes 8 (eight!) reverse resolving attempts for one
> (!) non-responding DNS server before it returns error. And this is by
> default. All that is still true for my current 6.0-STABLE.
> 
> http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/62139
> 
> As a workaround I may suggest addind "options attempts:2" or even
> "options attempts:1" line to the /etc/resolver.conf

I've often thought that we shouled make the default login timeout
longer than our DNS timeout, as it means it is hard (or impossible)
to log in to fix your DNS server when your DNS server is down. It
is even worse if you don't control some DNS server in the chain
between the root and the name you're trying to look up.

I did once mail des@ to ask him if he'd mind me changing the default
login timeout for sshd to be (say) 5 minutes rather than 1 minute,
but I think he was busy at the time. Judging by the PR mentioned
above it should be at least 2m30s by default. Des, would you mind
this change being made?

	David.


More information about the freebsd-stable mailing list