Author: Olaf Meeuwissen
Date:
To: Dr. Nikolaus Klepp
CC: dng
Subject: Re: [DNG] ..should we set up our own usage policy wizard script?, was: OpenSSH: delay on beowulf
Hi Nik,

Dr. Nikolaus Klepp writes:

> Anno Domini 2019, Mon, 11 Feb 10:51:09 +0100
> Didier Kryn wrote:
>> On 10/02/2019 at 18:19, Arnt Karlsen wrote:
>> >>
>> There's nothing in the logs. It just takes very long to start.
>>
>>
>> Tried to set LogLevel in sshd_config?
>>
>> or launch sshd with the -d option ?
>>
>>
>>     Didier

>
> Hi!
>
> The problem only exists if all of these conditions are met:
>
> - kernel 4.19. from beowulf
> - network up, but DNS of ISP not reacting in time or dhcpcd did not get a lease
> - sshd_config has "UseDNS yes"
> - first try to start sshd after boot
>
> The problem is solved by "UseDNS no" in sshd_config.


I've turned that off at the office because our DHCP clients were not
getting registered with the corporate DNS server(s). Made SSH client
connections slow as molasses.

> Now that sshd uses DNS on first startup is quite surprising - at least
> it was for me.


That UseDNS defaults to "yes" is not that surprising (it's a way to
catch spoofing attempts), but I fail to understand why it would slow
down the server's startup ... or, wait, I've seen something similar
before ... a service trying to connect to an SMTP server at start up
(if configured to use email notifications).

So I'm guessing sshd tries to connect to a DNS server when this option
is on to make sure DNS can be used. Perhaps it shouldn't and just try
to resolve on a per request basis, seeing as service availability may
come and go at any given time for a number of reasons.

Hope this clarifies a bit,
--
Olaf Meeuwissen, LPIC-2            FSF Associate Member since 2004-01-27
 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9
 Support Free Software                        https://my.fsf.org/donate
 Join the Free Software Foundation              https://my.fsf.org/join
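
A check for the setting discussed in this thread, as an added example that is not part of the original messages: it reads the global UseDNS value from sshd_config text and times the reverse lookup that sshd performs for a client address when the option is on. The function names, the sample config, and the choice to stop at the first Match line and not follow Include files are assumptions of this example.

```python
import socket
import time

# Constructed sample config, not taken from the thread.
SAMPLE = """\
Port 22
#UseDNS no
usedns = yes
UseDNS no
Match Address 10.0.0.0/8
    PasswordAuthentication no
"""

def effective_usedns(config_text):
    """Return the UseDNS value set in the global section, or None if unset.

    sshd uses the first value it obtains for a keyword, keywords are
    case-insensitive, and '=' may separate keyword and argument.
    Assumption: parsing stops at the first Match line; Include is ignored.
    None means the file leaves the choice to sshd's built-in default.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if keyword == "usedns" and len(parts) == 2:
            return parts[1].split()[0].strip('"')
    return None

def time_reverse_lookup(ip, resolver=socket.gethostbyaddr):
    """Time the PTR lookup that 'UseDNS yes' adds for a client address."""
    start = time.monotonic()
    try:
        name = resolver(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        name = None
    return name, time.monotonic() - start

if __name__ == "__main__":
    print("UseDNS in sample config:", effective_usedns(SAMPLE))
    name, seconds = time_reverse_lookup("127.0.0.1")
    print(f"reverse lookup of 127.0.0.1 -> {name} in {seconds:.3f}s")
```

On a live host, `sshd -T` prints the effective configuration, including the value used when the file does not set UseDNS.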