SSH login takes very long time...sometimes
rosti.bsd at gmail.com
Sun Feb 19 12:57:16 PST 2006
On Sun, 19 Feb 2006 13:49:12 +0300
Yar Tikhiy <yar at comp.chem.msu.su> wrote:
> On Sat, Feb 18, 2006 at 01:20:29AM +0200, Rostislav Krasny wrote:
> > On Thu, 16 Feb 2006 08:35:18 +0100
> > des at des.no (Dag-Erling Sm??rgrav) wrote:
> > > David Malone <dwmalone at maths.tcd.ie> writes:
> > > > I did once mail des@ to ask him if he'd mind me changing the default
> > > > login timeout for sshd to be (say) 5 minutes rather than 1 minute,
> > > > but I think he was busy at the time. Judging by the PR mentioned
> > > > above it should be at least 2m30s by default. Des, would you mind
> > > > this change being made?
> > >
> > > No objection, just let me see the patch first.
> > In conjunction to what David had proposed, what do you think about
> > decreasing the RES_DFLRETRY from 4 to 2, like in other systems and in
> > BIND9's resolver?
> Could you try this change in your system and report the exact
> results, such as output from tcpdump? That is how we could judge
> the change in question... Or were the results reported already?
Ok, I rebuilded the world and the kernel with this change and tested it
with tcpdump and a small program from the bin/62139 PR. During the test
I saw two "A? yahoo.com." requests, then two "A? yahoo.com.lan."
requests and that all taked only 30 seconds for gethostbyname() to give
up with one unreachable DNS. Now it looks better than before.
But I think there is still a bug. If I change hostname from "saturn.lan"
to just "saturn" I see 4 "A? yahoo.com." requests, like in the PR with
"options attemts:2". Why it tries to repeat the requests when the domain
name is empty and so is the search list by default? That is the
doubling I had wrote about in the PR.
More information about the freebsd-stable