We have a peculiar problem with ssh connection. We have a local DNS Server to resolve the local subnet. 192.100.X.X

Since few days ago we have started getting problem while connecting to local servers using hostname, so this is what happens: when I ssh from one local UNIX system (systemA) to another UNIX system (systemB) it waits for few seconds(10-20 sec) and then gets through. Next time immediately if I try same connection, it gets through immediately. Which it used to be like this. But now everytime ssh connection to local server.

Surprisingly when I try to do it using IP address, it gets through immediately. I say surprisingly because nslookup gives correct ip address of the systemB hostname that too quickly.

So if I assume DNS is working correctly then why ssh connection takes time? I searched on the Internet and there are some suggestions, e.g. setting UseDNS to No. But it didn't help me.

ssh root@systemB -vvv
OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
-------------At this stage it waits for 15-20 seconds----------------

And then it gets through....

debug1: Connecting to bachost [192.100.X.X] port 22.
debug1: Connection established.
:
:
:


I tried to check the DNS logs,

ar 10 10:10:23.103 queries: info: client systemC#54765: query: systemB.locallan IN AAAA Mar 10 10:10:23.104 queries: info: client systemC#54765: query: systemB.locallan2 IN AAAA Mar 10 10:10:23.105 queries: info: client systemC#54765: query: systemB.wanlan IN AAAA Mar 10 10:10:28.104 queries: info: client systemC#54766: query: systemB.locallan IN AAAA Mar 10 10:10:28.104 queries: info: client systemC#54766: query: systemB.locallan2 IN AAAA
Mar 10 10:10:28.105 queries: info: client systemC#54766: query: systemB.wanlan IN AAAA Mar 10 10:10:28.115 queries: info: client systemC#54768: query: systemB.wanlan IN AAAA Mar 10 10:10:33.116 queries: info: client systemC#54771: query: systemB.wanlan IN AAAA Mar 10 10:10:33.123 queries: info: client systemC#54772: query: systemB.corporatelan IN AAAA Mar 10 10:10:33.123 queries: info: client systemC#54772: query: systemB.locallan IN A Mar 10 10:10:38.121 queries: info: client systemC#54772: query: systemB.corporatelan IN AAAA –
Mar 10 10:10:38.126 queries: info: client systemC#54772: query: systemB.locallan IN A –


Please note that the DNS resolution logs indicate that it first resolved the hostname with AAAA records and in the end with actual A record which is the required one. So meantime the delay of 10:10:23 - 10:10:38 seconds is caused . Can I somehow make DNS resolv it directly A records and do not waste time on AAAA records? I tried to change the option single-request-reopen on SystemA but then when I tried to do ssh systemB , it did not change anything.


This issue seems not to happen with SLES 12 systems but only SLES10 systems.
ssh -4 does seem to resolv this problem for few hosts.

Any pointers in this regard will be helpful.

This thread - https://ubuntuforums.org/showthread.php?t=1865873 - suggests editing /etc/ssh/ssh_config to include

AddressFamily inet

(check the explanation in the 4th post)

Thanks but did not help.

Did the DNS logs at least show that changing the setting disabled the IPv6 connections as intended?

No its same. If I use -4 while doing ssh , it goes through without any delay.

Since there is no update to my post, I would like to add one.

It is definitely something to do with SSH+DNS , as I have checked with dig , my local DNS works perfectly fine. Its only when I use ssh , DNS logs show that it goes to resolve a particular hostname in a loop ,starting with the domains defined in my resolv.conf file. Thats fine as well but it goes to resolv first AAAA records instead of A records. Which is where the delay occurs.