bin/62139: User cannot login through telnet or ssh because of reverse resolving delay

Yar Tikhiy yar at FreeBSD.org
Thu Sep 30 03:00:49 PDT 2004


The following reply was made to PR bin/62139; it has been noted by GNATS.

From: Yar Tikhiy <yar at FreeBSD.org>
To: Rostislav Krasny <rosti_bsd at yahoo.com>
Cc: freebsd-gnats-submit at FreeBSD.org
Subject: Re: bin/62139: User cannot login through telnet or ssh because of reverse resolving delay
Date: Thu, 30 Sep 2004 13:50:37 +0400

 On Thu, Sep 16, 2004 at 01:51:56PM -0700, Rostislav Krasny wrote:
 > 
 > > > Finally I add a custom "options" settings line in /etc/resolv.conf
 > > > file:
 > > > 
 > > > options		attempts:1
 > > > 
 > > > With this option my box is sending 2 "A? yahoo.com" requests. With
 > > > 'attempts:2' it sends 4 requests, with 'attempts:3' it sends 6
 > > > requests, with 'attempts:5' it sends 10 requests... and so on. Why
 > > > are the numbers of actual requests double the defined numbers?
 > > 
 > > It means that ping seems to call the resolver twice each time.
 > 
 > In my test program a gethostbyname(3) function is called only once.
 
 I suspect that gethostbyname(3) may call resolver more than once.
 gethostbyname(3) is a "multiplexor" for many name resolution
 interfaces, e.g., DNS, hosts(5), NIS, etc.  When it does its job
 it has to canonize the name etc.  This may lead to more than 1 call
 to underlying mechanisms, e.g., the DNS resolver library.
 
 > > > What is the default value of the 'attempts' option? The resolver(5)
 > > > man page states that the default value is defined by RES_DFLRETRY in
 > > > <resolv.h>. But there is no RES_DFLRETRY in /usr/include/resolv.h
 > > > file. In other systems the RES_DFLRETRY is defined as 2.
 > > 
 > > RES_MAXRETRY. 5.  The man page seems to give a wrong name there.
 > > I'll fix it later.
 > 
 > Thank you for the fixing. I've seen your commits:
 > 
 > http://docs.freebsd.org/cgi/mid.cgi?200409091739.i89HdlwM019548
 > http://docs.freebsd.org/cgi/mid.cgi?200409091742.i89HgIan019681
 > http://docs.freebsd.org/cgi/mid.cgi?200409091719.i89HJRGu019026
 > 
 > According to them the default value of the 'attempts' option was and
 > still is 4 and RES_DFLRETRY is the right name. But most of UNIX and
 > UNIX-like operating systems that I checked have RES_DFLRETRY defined as
 > 2, not as 4. They are: Solaris, AIX, Linux and even NetBSD. Only
 > OpenBSD has it hardcoded as 4.
 > 
 > > > IMHO the default value of the 'attempts' option should be 2 and it
 > > > must not be doubled. With the default value of 'timeout' option
 > > > (5 seconds) it should take no more than 10 seconds to decide that
 > > > one DNS is unreachable or not.
 > > 
 > > You are misinterpreting the `timeout' option.   See RFC 1536 or the
 > > code.  And `attempts' is not doubled, that is a consequence of the
 > > application behaviour.
 > 
 > Maybe I was wrong with the `timeout' option but I think I was right
 > with the `attempts' one.
 > 
 > > I feel that losing all DNS servers is just slightly better
 > > than losing the network connection at all.  Therefore console
 > > access to such machine is the answer.  Trying to overcome that
 > > in software is too risky, at least for the default configuration.
 > > I'd rather close this PR.
 > 
 > The point is that the default configuration of resolver(5) in FreeBSD
 > is different from most other Unices and even NetBSD. Why is it
 > different? Also the double number of DNS requests is not clear to me yet.
 
 If you believe the default configuration should be adjusted,
 please feel free to conduct a discussion on a FreeBSD mailing
 list, e.g., freebsd-net or freebsd-hackers.  Personally I don't
 feel like touching the default configuration, but even if I did,
 our two votes wouldn't be enough.
 
 -- 
 Yar
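
The disagreement above about what `timeout` means can be made concrete with an added example (not part of the original message and not FreeBSD's code): it reads resolv.conf text and computes how long one lookup blocks when no nameserver answers. It assumes the per-try backoff of the BIND 4.9-8.2 `res_send()`; the function names and the sample configuration are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Worst-case seconds one lookup blocks when no nameserver answers.
 * Assumption (not from the thread): the BIND 4.9-8.2 res_send() backoff,
 * where each server is given timeout << try seconds, divided by the
 * server count after the first pass and never less than 1 second. */
int worst_case_wait(int timeout, int attempts, int nservers)
{
    int total = 0;
    for (int try = 0; try < attempts; try++) {
        int seconds = timeout << try;
        if (try > 0) seconds /= nservers;
        if (seconds <= 0) seconds = 1;
        total += seconds * nservers;   /* every server is tried in each pass */
    }
    return total;
}

/* Read resolv.conf text: count nameserver lines (at most 3) and pick up
 * "options attempts:N timeout:N"; defaults are those stated in the thread. */
int wait_for_conf(const char *conf)
{
    int timeout = 5, attempts = 4, nservers = 0;
    while (conf && *conf) {
        char line[256];
        const char *end = strchr(conf, '\n'), *p;
        conf += strspn(conf, " \t");
        snprintf(line, sizeof line, "%.*s",
                 end ? (int)(end - conf) : (int)strlen(conf), conf);
        if (strncmp(line, "nameserver", 10) == 0 && (line[10] == ' ' || line[10] == '\t')) {
            if (nservers < 3) nservers++;
        } else if (strncmp(line, "options", 7) == 0) {
            if ((p = strstr(line, "attempts:")) != NULL) attempts = atoi(p + 9);
            if ((p = strstr(line, "timeout:")) != NULL) timeout = atoi(p + 8);
        }
        conf = end ? end + 1 : NULL;
    }
    if (nservers == 0) nservers = 1;   /* no nameserver line: one default server */
    if (attempts < 1) attempts = 1; else if (attempts > 5) attempts = 5; /* RES_MAXRETRY */
    return worst_case_wait(timeout, attempts, nservers);
}

int main(void)
{
    /* Constructed config; 192.0.2.1 is a documentation address. */
    printf("%d s\n", wait_for_conf("nameserver 192.0.2.1\noptions attempts:2\n"));
    return 0;
}
```

Under this backoff, one unreachable nameserver with the defaults stated in the thread blocks a single lookup for 75 seconds, and an application that resolves twice, as observed above, waits twice that.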

