FreeBSD-11.1 Jails and SSL
Matthew Seaman
matthew at FreeBSD.org
Fri Jul 20 12:15:44 UTC 2018
On 19/07/2018 21:52, James B. Byrne via freebsd-questions wrote:
> On Thu, July 19, 2018 16:38, Philipp Vlassakakis wrote:
>>> On 19.07.2018 at 22:29, James B. Byrne
>>> <byrnejb at harte-lyne.ca> wrote:
>>>
>>> UseDNS=YES in /etc/ssh/sshd_config
>> Does the problem persist if you disable this option?
>>
> No, it does not persist. Log ons are now as fast as with any other
> host. Why is UseDNS=YES (the default setting) a problem inside a jail
> and nowhere else?
>

SSH is doing a reverse lookup on the IP number your connection comes
from. It's possible you're timing out on the IP lookup specifically.
Particularly if you're using private address space -- local_unbound has
some special settings around the handling of RFC1918 zones -- so compare
the per-jail config with your main host (which I presume has no similar
problems?)

Another potential gotcha is if your reverse IP space has a broken DNSSEC
configuration: local_unbound defaults to enabling DNSSEC processing
(indeed, that's the primary reason for having local_unbound at all) and
DNSSEC signing failures will essentially make the affected data
disappear from the DNS.

Cheers,
Matthew
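
An added example, not part of the original message: a small Python diagnostic to run both inside the jail and on the host, which reads the effective global UseDNS value from sshd_config text and times the reverse lookup sshd would perform for a client address. The function names, the 2-second threshold and the "yes" default (taken from the thread's statement about the default) are assumptions of this example.

```python
import socket
import sys
import time

def effective_usedns(config_text, default="yes"):
    """Global UseDNS value: sshd uses the first value obtained for a keyword."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        # sshd accepts "Keyword value" and "Keyword=value"
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        key = parts[0].lower()
        if key == "match":          # conditional blocks are not global settings
            break
        if key == "usedns" and len(parts) > 1:
            return parts[1].strip('"').lower()
    return default                  # assumption: default as stated in the thread

def time_reverse_lookup(ip, resolver=socket.gethostbyaddr, clock=time.monotonic):
    """Time the PTR lookup through the system resolver (local_unbound in the jail)."""
    start = clock()
    try:
        name, error = resolver(ip)[0], None
    except OSError as exc:          # herror, gaierror and timeouts are all OSError
        name, error = None, str(exc)
    return {"ip": ip, "name": name, "error": error, "seconds": clock() - start}

def diagnose(config_text, ip, slow_after=2.0, **kw):
    """Combine both checks: a slow or failing lookup only delays logins if UseDNS is on."""
    result = time_reverse_lookup(ip, **kw)
    result["usedns"] = effective_usedns(config_text)
    result["login_delay_likely"] = (
        result["usedns"] == "yes" and result["seconds"] >= slow_after
    )
    return result

if __name__ == "__main__":
    # Usage: python3 check_usedns.py <client-ip> [path-to-sshd_config]
    path = sys.argv[2] if len(sys.argv) > 2 else "/etc/ssh/sshd_config"
    with open(path) as fh:
        print(diagnose(fh.read(), sys.argv[1]))
```

A large `seconds` value in the jail but not on the host points at the jail's resolver configuration rather than at sshd itself.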