ssh/DNS timeout issue

[Chris Johnson]

I've installed FreeBSD-5.2.1-RELEASE on two different boxes, and they're both
exhibiting the same odd problem with DNS timeouts on ssh logins. Before you
say, "Fix your reverse DNS!," please hear me out.

When I make an ssh connection to one of these boxes, I get a password prompt
instantly--there's no delay at all. I watch the DNS server's log and I see the
reverse DNS request being asked and answered. After I enter the correct
password, however, I get the long delay, and as I watch the DNS server's log I
see the reverse DNS request being asked and answered repeatedly, but the answer
apparently isn't being received.

If I copy ~/.ssh/id_dsa.pub on the client to ~/.ssh/authorized_keys on the box
to which I'm trying to connect and then log in using public key authentication,
then I can log in without any DNS delays.

If I use opie passwords to log in, I get the same DNS delay. If, however, I
just hit Enter instead of entering my opie password until I'm presented with a
regular password prompt and then enter my password, then I can log in with no
DNS delay.

It occurs to me that the common denominator is PAM. When PAM becomes involved
with my logging in, I get the long delays. I changed
ChallengeResponseAuthentication to "no" in sshd_config, restarted sshd, and
sure enough the delays vanished. I need opie passwords, however, so this isn't
an option for me.

Everything in sshd_config is set to the default, except that I allow only
protocol 2.

Does anyone know what the deal is?

Chris Johnson