[sslh] ssh protocol and server-starting

MJ Ray mjr at phonecoop.coop
Thu Feb 9 17:35:27 CET 2012


Yves Rutschle <yves at naryves.com>
> On Thu, Feb 09, 2012 at 02:31:42PM +0000, MJ Ray wrote:
> > One quirk: it seemed that -n was required to avoid a very slow start.
> > I'll try to investigate that more when the server is less busy but it
> > could have been a temporary problem.
> 
> That typically indicates a problem with your DNS setup: -n
> tells sslh to only use raw IP addresses in logs; without it
> it will perform reverse DNS requests for all names, which can
> sometimes take a very long time, if your DNS is too slow, or
> primary DNS is inaccessible, or something like that.

Yeah, but wouldn't that affect connections, not startup?  Or is it
trying to look up some local address that might not be in /etc/hosts?
The server's DNS seems fine, but might not have been.

Anyway, -n seems like a good idea, else people accessing from sites
with broken DNS may be slowing things down a lot.  This is similar
reasoning to why Apache HTTP Server defaults HostnameLookups Off now.
Maybe it should be the default behaviour in sslh too.

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/
