> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Jay Leafey
> Sent: Sunday, May 25, 2008 2:17 PM
>
> Jason Pyeron wrote:
> >
> >> -----Original Message-----
> >> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> >> Behalf Of Filipe Brandenburger
> >> Sent: Friday, May 23, 2008 8:55 PM
> >>
> >> Try to change this in your /etc/ssh/sshd_config:
> >>
> >>
> >> Change:
> >>
> >> UseDNS yes
> >> to:
> >> UseDNS no
> >>
> >
> > Okay that fixed it, but why? I used nslookup and set my server to the same
> > as /etc/resolv.conf. There were no delays at all; all of our class C
> > resolves both ways (and matching), same as our private net.
> >
> > Where to go next on "properly" fixing this sshd/dns issue?
> >
> >
>
> From the earlier posts, it appears that your DNS server is not properly
> resolving the REVERSE addresses, i.e. IP address-to-hostname. SSH does
> a reverse lookup, trying to resolve the IP address to a hostname, unless
> you set the "UseDNS" option to "no".

Agreed, but all of my tests indicate DNS is fine.

>
> Until you fix your DNS server to properly resolve the reverse addresses
> for your network you will continue to have this issue. Having gone down
> this road myself, it's not as hard as it sounds. Just having a
> nameserver resolve your local FORWARD zone won't cut it, you have to
> have the REVERSE zone set up too.

It does the reverse, indicated many posts ago, but has been since snipped out.

>
> In my example, I have a local network named "local" (how original!) and
> use the 192.168.1.0/24 address range. The nameserver I use (Bind 9 on a
> CentOS box) is configured mostly as a caching nameserver but resolves
> two local domains, "local" and "1.168.192.in-addr.arpa". All of the
> name-to-ip entries ("A" records) and aliases ("CNAME" records) are in
> the "local" zone, all of the ip-to-name entries ("PTR" records) are in
> the "1.168.192.in-addr.arpa" zone.
>

Ditto.

DNS test for 192.168.1.0/24 and known not to exist 192.168.99.99

[root at devserver21 ~]# for i in `seq 0 255`; do host 192.168.1.$i | grep NXDOMAIN; done; host 192.168.99.99 | grep NXDOMAIN
Host 220.127.116.11.in-addr.arpa not found: 3(NXDOMAIN)
[root at devserver21 ~]# for i in `seq 0 255`; do host 192.168.1.$i; done; host 192.168.99.99

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately. Any other use of the email by you
is prohibited.
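
Added example (not part of the original thread and not any poster's code): with "UseDNS yes", sshd reverse-resolves the client address through the C library resolver and then checks that the resulting name maps back to the same address, whereas host and nslookup query the name servers directly. This Python script repeats both steps through getnameinfo()/getaddrinfo() and times each one, so a slow or inconsistent answer on the path sshd uses shows up per address. The function names, the SLOW_S threshold and the default network are assumptions made for the example.

```python
import ipaddress
import socket
import sys
import time

SLOW_S = 1.0  # assumed threshold: a step slower than this is worth investigating


def reverse_lookup(ip):
    # getnameinfo() goes through libc/NSS; NI_NAMEREQD turns a missing PTR into an error
    return socket.getnameinfo((ip, 0), socket.NI_NAMEREQD)[0]


def forward_lookup(name):
    # Every address the name resolves to, as strings
    return {ai[4][0] for ai in socket.getaddrinfo(name, None)}


def check_ip(ip, reverse=reverse_lookup, forward=forward_lookup, clock=time.monotonic):
    """Reverse-resolve ip, forward-resolve the name, and time both steps."""
    r = {"ip": ip, "ptr": None, "status": "ok", "reverse_s": 0.0, "forward_s": 0.0}
    start = clock()
    try:
        r["ptr"] = reverse(ip)
    except OSError:  # socket.gaierror and socket.herror both derive from OSError
        r["status"] = "no-ptr"
    r["reverse_s"] = clock() - start
    if r["ptr"] is not None:
        start = clock()
        try:
            if ip not in forward(r["ptr"]):
                r["status"] = "mismatch"  # PTR name does not map back to the client IP
        except OSError:
            r["status"] = "no-forward"
        r["forward_s"] = clock() - start
    r["slow"] = max(r["reverse_s"], r["forward_s"]) >= SLOW_S
    return r


if __name__ == "__main__":
    # Usage: python3 check_rdns.py 192.168.1.0/24  (default is the network named in the thread)
    net = ipaddress.ip_network(sys.argv[1] if len(sys.argv) > 1 else "192.168.1.0/24")
    for addr in net:
        res = check_ip(str(addr))
        if res["status"] != "ok" or res["slow"]:
            print(res)
```

Run it on the sshd server itself, since the result depends on that host's resolver configuration; it prints only the addresses that fail a step or exceed the threshold.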