-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Jay Leafey
Sent: Sunday, May 25, 2008 2:17 PM
Jason Pyeron wrote:
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Filipe Brandenburger
Sent: Friday, May 23, 2008 8:55 PM
Try to change this in your /etc/ssh/sshd_config:
Change:
UseDNS yes
to:
UseDNS no
Okay, that fixed it, but why? I used nslookup and set my server to the same as /etc/resolv.conf. There were no delays at all; all of our class C resolves both ways (and matching), same as our private net.
Where to go next on "properly" fixing this sshd/dns issue?
From the earlier posts, it appears that your DNS server is not properly resolving the REVERSE addresses, i.e. IP address-to-hostname. SSH does a reverse lookup, trying to resolve the IP address to a hostname, unless you set the "UseDNS" option to "no".
Agreed, but all of my tests indicate DNS is fine
Until you fix your DNS server to properly resolve the reverse addresses for your network you will continue to have this issue. Having gone down this road myself, it's not as hard as it sounds. Just having a nameserver resolve your local FORWARD zone won't cut it, you have to have the REVERSE zone set up too.
It does the reverse, indicated many posts ago, but has been since snipped out.
In my example, I have a local network named "local" (how original!) and use the 192.168.1.0/24 address range. The nameserver I use (Bind 9 on a CentOS box) is configured mostly as a caching nameserver but resolves two local domains, "local" and "1.168.192.in-addr.arpa". All of the name-to-ip entries ("A" records) and aliases ("CNAME" records) are in the "local" zone, all of the ip-to-name entries ("PTR" records) are in the "1.168.192.in-addr.arpa" zone.
Ditto.
DNS test for 192.168.1.0/24 and known not to exist 192.168.99.99
[root@devserver21 ~]# for i in `seq 0 255`; do host 192.168.1.$i | grep NXDOMAIN; done; host 192.168.99.99 | grep NXDOMAIN
Host 99.99.168.192.in-addr.arpa not found: 3(NXDOMAIN)
[root@devserver21 ~]# for i in `seq 0 255`; do host 192.168.1.$i; done; host 192.168.99.99
--
Jason Pyeron                      PD Inc. http://www.pdinc.us
Principal Consultant              10 West 24th Street #100
+1 (443) 269-1555 x333            Baltimore, Maryland 21218
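With "UseDNS yes", sshd looks up the hostname for the client's IP address and then checks that the hostname resolves back to the same address. The script below is an added example, not part of the original thread: it repeats both lookups through the system resolver of the host it runs on and times each step, so a slow or mismatching lookup shows up where a grep for NXDOMAIN would not. The function names and the 1-second "slow" threshold are assumptions made for illustration.

```python
"""Forward-confirmed reverse DNS check with per-step timing (added example)."""
import socket
import sys
import time


def system_reverse(ip):
    """PTR lookup through the system resolver (uses /etc/resolv.conf)."""
    return socket.gethostbyaddr(ip)[0]


def system_forward(name):
    """All addresses the system resolver returns for a hostname."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}


def check_client(ip, reverse=system_reverse, forward=system_forward,
                 clock=time.monotonic, slow=1.0):
    """Do the reverse lookup, then the forward confirmation, timing both."""
    result = {"ip": ip, "name": None, "status": "ok",
              "reverse_s": 0.0, "forward_s": 0.0}
    start = clock()
    try:
        result["name"] = reverse(ip)
    except OSError:  # socket.herror / socket.gaierror: no PTR record or timeout
        result["status"] = "no-ptr"
    result["reverse_s"] = clock() - start
    if result["name"] is not None:
        start = clock()
        try:
            addrs = forward(result["name"])
        except OSError:  # the PTR target has no address record
            addrs = set()
        result["forward_s"] = clock() - start
        if ip not in addrs:
            result["status"] = "mismatch"
    # The threshold is an assumed cut-off for a lookup worth investigating.
    result["slow"] = max(result["reverse_s"], result["forward_s"]) >= slow
    return result


if __name__ == "__main__":
    # Run on the sshd host itself, passing the client addresses that see the delay.
    for addr in sys.argv[1:]:
        r = check_client(addr)
        print("{ip:15} {status:8} name={name} reverse={reverse_s:.2f}s "
              "forward={forward_s:.2f}s slow={slow}".format(**r))
```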