LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 10-15-2004, 12:37 AM   #1
anmsg
LQ Newbie
 
Registered: Oct 2004
Posts: 12

Rep: Reputation: 0
Too much delay in ftp/ssh to start


I have exactly same setup in two offices. From one office, if I try to do ftp (or ssh) to anywhere in the world, it takes a long time before the login prompt comes (roughly 10-15 seconds minimum). Ftp normally takes far more time though.

However, from another office, I get it almost instantaneously!

I was told by several people that it could be "Reverse DNS Mapping" which is causing this trouble. If that is really the case, then I should get the trouble in both offices since they have exactly same kind of DNS setup (of course, with the difference of their own external/internal IPs).

I also have similar type of "/etc/hosts", "/etc/resolv.conf" and "/etc/nsswitch.conf" files at both ends. I have also checked "/etc/hosts.allow" and "/etc/hosts.deny" files at both ends. They are essentially empty.

The machines where I try this, are the main masquerading machines connected directly to the internet via modem/router and firewall. There is of course, internal network at both offices which is connected via VPN (ipsec).

Could it be the case that some DNS entries at ISP of problematic office is causing some trouble here?

Thanks all for your time..

Last edited by anmsg; 10-15-2004 at 12:42 AM.
 
Old 10-15-2004, 01:52 AM   #2
mastahnke
Member
 
Registered: Feb 2002
Location: IL
Distribution: Ubuntu currently, also Fedora, RHEL, CentOS
Posts: 111

Rep: Reputation: 15
really sounds like dns. You can change your /etc/ssh/sshd_config to not do reverse dns lookup, that could save you time. Also, most ftp daemons can be changed. Sounds like dns is hosed at one end, or your NAT has no reverse record.


MIKE
 
Old 10-15-2004, 04:50 AM   #3
anmsg
LQ Newbie
 
Registered: Oct 2004
Posts: 12

Original Poster
Rep: Reputation: 0
Could you please tell what to change in "/etc/ssh/sshd_config"? Also, I am using vsftpd on the problematic office. How do I disable reverse name lookup there?
 
Old 10-15-2004, 08:46 AM   #4
mciann
LQ Newbie
 
Registered: Feb 2004
Posts: 3

Rep: Reputation: 0
I think the following entry would do it (in /etc/ssh/sshd_config):

Code:
VerifyReverseMapping no
Note that you would need to make this change on the servers you are trying to reach from the affected office, not the servers located at this office.

The problem is that when you contact a host from this office, the host tries to do an inverse lookup on your public IP address. If there is no reply, pretty much everything that uses IP will be delayed. The real solution, therefore, is to contact your ISP and get a reverse DNS entry set up for that address.

Last edited by mciann; 10-15-2004 at 08:48 AM.
 
Old 10-15-2004, 08:52 AM   #5
LANLocked
LQ Newbie
 
Registered: Oct 2004
Posts: 4

Rep: Reputation: 0
could do manual entries in /etc/hosts

If your IP address for your office router is statice you could simply put an entry in the /etc/hosts file of the machines that you are trying to connect to.
 
Old 10-15-2004, 11:43 AM   #6
mciann
LQ Newbie
 
Registered: Feb 2004
Posts: 3

Rep: Reputation: 0
Quote:
If your IP address for your office router is statice you could simply put an entry in the /etc/hosts file of the machines that you are trying to connect to.
I haven't had success with that approach in the past. Will the machine look to /etc/hosts to do an inverse?
 
Old 10-15-2004, 01:31 PM   #7
hearsey
LQ Newbie
 
Registered: Oct 2004
Distribution: AS3 et al
Posts: 3

Rep: Reputation: 0
/etc/hosts additions have worked for me in the past.
 
Old 10-15-2004, 01:52 PM   #8
jcomeau_ictx
LQ Newbie
 
Registered: Aug 2004
Location: Petaluma, CA, US
Distribution: Debian GNU/Linux squeeze/sid
Posts: 28

Rep: Reputation: 17
Quote:
Originally posted by mciann
I haven't had success with that approach in the past. Will the machine look to /etc/hosts to do an inverse?
That depends on /etc/nsswitch.conf. Look for:

hosts: files dns

And you should be OK putting the static IP in. But as the other guys pointed out, your best bet is to always disable reverse lookups in your daemons. I know proftpd has such a setting.

[added later:] The tools 'strace' and 'tcpdump' are invaluable in solving this type of problem, but it takes a while to get proficient with them.

Last edited by jcomeau_ictx; 10-15-2004 at 01:55 PM.
 
Old 10-15-2004, 07:20 PM   #9
linuxles
Member
 
Registered: Mar 2004
Location: Austin, TX
Distribution: CentOS Fedora RHEL SLES Knoppix
Posts: 78

Rep: Reputation: 15
Quote:
Originally posted by mciann
I think the following entry would do it (in /etc/ssh/sshd_config):

Code:
VerifyReverseMapping no
The default value for Reverse Lookups is "no", so unless he has specifically
changed his SSH Configuration to do reverse lookups that won't be it.

/Les
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Connection with Long Delay (Telnet, Ftp) sarmadys Linux - General 8 02-09-2011 01:55 AM
xinetd + ssh = login delay Shawn_Lewis Linux - Networking 0 08-19-2005 04:26 PM
A strange delay when start-up LinxNew Linux - Laptop and Netbook 1 04-29-2005 10:44 AM
ssh password prompt delay long while chaze Linux - Networking 1 04-14-2005 11:03 PM
30 second application start delay with KPPP yfn *BSD 3 05-31-2004 03:43 PM


All times are GMT -5. The time now is 11:38 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration