Jason Pyeron wrote: > >> -----Original Message----- >> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On >> Behalf Of Filipe Brandenburger >> Sent: Friday, May 23, 2008 8:55 PM >> To: CentOS mailing list >> Subject: Re: [CentOS] how to debug ssh slow connection issues. >> >> Try to change this in your /etc/ssh/sshd_config: >> >> >> Change: >> >> UseDNS yes >> to: >> UseDNS no >> > > Okay that fixed it, but why? I used nslookup and set my server to the same > as /etc/resolv.conf. There were no delays, at all all of our class C > resolves both ways (and matching) same as out private net. > > Where to go next on "properly" fixing this sshd/dns issue? > > From the earlier posts, it appears that your DNS server is not properly resolving the REVERSE addresses, i.e. IP address-to-hostname. SSH does a reverse lookup, trying to resolve the IP address to a hostname, unless you set the "UseDNS" option to "no". Until you fix your DNS server to properly resolve the reverse addresses for your network you will continue to have this issue. Having gone down this road myself, it's not as hard as it sounds. Just having a nameserver resolve your local FORWARD zone won't cut it, you have to have the REVERSE zone set up too. In my example, I have a local network named "local" (how original!) and use the 192.168.1.0/24 address range. The nameserver I use (Bind 9 on a CentOS box) is configured mostly as a caching nameserver but resolves two local domains, "local" and "1.168.192.in-addr.arpa". All of the name-to-ip entries ("A" records) and aliases ("CNAME" records) are in the "local" zone, all of the ip-to-name entries ("PTR" records) are in the "1.168.192.in-addr.arpa" zone. If this is mostly gibberish, it might be a good idea to brush up a bit on using the bind nameserver, there are several useful tutorials available on the web, a quick Google search will turn up several. The best reference I can recommend is "DNS and Bind" by Paul Abniz and Cricket Liu, published by O'Reilly. There's a good combination of theory and practice in that book, but it is a daunting read for a newbie. Just my $.02! -- Jay Leafey - Memphis, TN jay.leafey at mindless.com -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5177 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.centos.org/pipermail/centos/attachments/20080525/232bc1e0/attachment-0005.bin>