slow ssh and ssl ... dns problem?
Brad Knowles
brad at stop.mail-abuse.org
Mon Jun 6 20:49:54 UTC 2005
At 12:33 PM -0400 2005-06-06, Duane Winner wrote:
> Starting 3 days ago, suddenly it seemed to take a very, very, very long
> time for ssh and ssl communications to negotiate between nodes on my
> network.
>
> I have 3 subnets:
>
> a LAN (10.10.0.0/16)
> a DMZ (10.20.0.0/16)
> a secured subnet for databases (10.30.0.0/16)
The problem is almost certainly reverse DNS for your networks.
These are RFC-1918 addresses, and while there is a project to serve
bogus reverse DNS data for them (so that the root nameservers don't
get buried with this traffic), if your nameservers can't contact
those machines, you're going to have problems.

A better solution is to set up your own reverse DNS for your IP
addresses, so that you're not dependent on these external servers for
your internal DNS.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
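Added example, not part of the original post: a Python sketch of the internal reverse DNS suggested above, which renders a BIND master file and `named.conf` stanza for `10.in-addr.arpa`, the one reverse zone that covers all three subnets in the question. The host inventory, the `example.internal` names, the file name `db.10` and the SOA timer values are constructed placeholders.

```python
import ipaddress

# Subnets from the original post; every one sits inside 10.0.0.0/8,
# so a single reverse zone, 10.in-addr.arpa, covers all three.
SUBNETS = {
    "lan": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/16"),
    "db": ipaddress.ip_network("10.30.0.0/16"),
}
ZONE = "10.in-addr.arpa"

# Constructed inventory: names and addresses are placeholders.
HOSTS = {
    "10.10.0.5": "desk5.lan.example.internal",
    "10.20.0.10": "www.dmz.example.internal",
    "10.30.0.20": "pg1.db.example.internal",
}

def ptr_owner(addr):
    """Return the PTR owner name relative to ZONE, e.g. 10.10.0.5 -> 5.0.10."""
    ip = ipaddress.ip_address(addr)
    if not any(ip in net for net in SUBNETS.values()):
        raise ValueError(f"{addr} is outside the internal subnets")
    full = ip.reverse_pointer  # "5.0.10.10.in-addr.arpa"
    return full[: -len(ZONE) - 1]  # strip the trailing ".10.in-addr.arpa"

def render_zone(hosts, primary_ns, contact, serial):
    """Render a master file for ZONE with one PTR per inventory entry."""
    lines = [
        "$TTL 86400",
        f"@ IN SOA {primary_ns}. {contact}. ( {serial} 3600 900 604800 3600 )",
        f"@ IN NS {primary_ns}.",
    ]
    for addr in sorted(hosts, key=ipaddress.ip_address):
        lines.append(f"{ptr_owner(addr)} IN PTR {hosts[addr]}.")
    return "\n".join(lines) + "\n"

def named_conf_stanza(filename):
    """named.conf stanza making this server authoritative for ZONE."""
    return f'zone "{ZONE}" {{\n    type master;\n    file "{filename}";\n}};\n'

if __name__ == "__main__":
    print(named_conf_stanza("db.10"))
    print(render_zone(HOSTS, "ns1.example.internal",
                      "hostmaster.example.internal", 2005060601))
```

With the zone loaded on the internal nameserver, PTR queries for any 10.x.x.x address are answered locally, including a prompt negative answer for addresses with no record.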
More information about the bind-users mailing list