On Sun, Feb 19, 2006 at 10:57:01PM +0200, Rostislav Krasny wrote: > On Sun, 19 Feb 2006 13:49:12 +0300 > Yar Tikhiy <[EMAIL PROTECTED]> wrote: > > > On Sat, Feb 18, 2006 at 01:20:29AM +0200, Rostislav Krasny wrote: > > > On Thu, 16 Feb 2006 08:35:18 +0100 > > > [EMAIL PROTECTED] (Dag-Erling Sm??rgrav) wrote: > > > > > > > David Malone <[EMAIL PROTECTED]> writes: > > > > > I did once mail des@ to ask him if he'd mind me changing the default > > > > > login timeout for sshd to be (say) 5 minutes rather than 1 minute, > > > > > but I think he was busy at the time. Judging by the PR mentioned > > > > > above it should be at least 2m30s by default. Des, would you mind > > > > > this change being made? > > > > > > > > No objection, just let me see the patch first. > > > > > > In conjunction to what David had proposed, what do you think about > > > decreasing the RES_DFLRETRY from 4 to 2, like in other systems and in > > > BIND9's resolver? > > > > Could you try this change in your system and report the exact > > results, such as output from tcpdump? That is how we could judge > > the change in question... Or were the results reported already? > > Ok, I rebuilded the world and the kernel with this change and tested it > with tcpdump and a small program from the bin/62139 PR. During the test > I saw two "A? yahoo.com." requests, then two "A? yahoo.com.lan." > requests and that all taked only 30 seconds for gethostbyname() to give > up with one unreachable DNS. Now it looks better than before. > > But I think there is still a bug. If I change hostname from "saturn.lan" > to just "saturn" I see 4 "A? yahoo.com." requests, like in the PR with > "options attemts:2". Why it tries to repeat the requests when the domain > name is empty and so is the search list by default? That is the > doubling I had wrote about in the PR.
The "doubling" happens only to name->IP lookups, but not to reverse lookups, according to my observations. Therefore DNS requests by sshd and friends shouldn't be affected. However, sshd will make 3 (!) lookups on the client IP address by itself. I wonder if there is a good reason for that. I also found that the second round of the "doubling" would use the first domain from `search' line if it is in resolv.conf. The rest of domains specified on `search' line are ignored. Hoping this observation will come useful, should somebody want to fix this bug. -- Yar _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
