Re: [tlug] Slooooooow down: logs, smartctl, DNS? [SOLVED?]: lessons to learn

[Bruno Raoult <braoult@example.com>]

Hi,

On Tue, Jan 18, 2011 at 17:58, <jep200404@example.com> wrote:

> Basically, it amounted to editing a file called /etc/ssh/sshd_config and
> making two changes.
>
> One was to add this line to the bottom of the file:
>
> UseDNS no

Yup. DNS (and more broadly, name resolution) issues can cause no
end of grief. A consistent delay that is a nice round number can
be a clue.
[...]
It seems that although you have made the symptoms disappear,
you do not have a complete understanding of what happened,
why it happened, and exactly what resolved the problem.
In other words, you are not really done yet.

As mentioned before, DNS (and more broadly, name resolution) issues can
cause no end of grief. Use this opportunity to more better understand
that. Ask yourself what symptoms of some future problem would suggest
scrutiny of name resolution?

Name resolution can hurt a lot.

I used the same method a couple of years ago: We were connecting to another private domain outside our own network.

Both companies had their own firewalls, and we used double NAT configuration.

DNS was not working between the domains, and firewalls (both ours and the other party ones) were configured as "black holes" (no negative answer, just no answer). ssh daemon (server side) wanted to log the name of the connecting machine, and went to the whole time-out processes, it was extremely long, just to get the prompt (a couple of minutes).

Another alternative would have been to add hosts to /etc/hosts, and ensure that nsswitch.conf was properly configured to use the file first. But I asked the 2 infra teams not to go this way, because of the double NAT configuration which would had make everything a nightmare to maintain on multiple machines across 7 countries.

My 2 Yen,

Bruno.

-- 
2 + 2 = 5, for very large values of 2.