Red Hat Bugzilla – Bug 54663
updated RH7.1 openssh and openldap packages causing 30 second connection delays
Last modified: 2007-04-18 12:37:37 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010816
Description of problem:
RedHat has been changing defaults for ipv6 lookups for a few
packages(openssh and openldap). Some sites will have a 30 second delay
while trying to establish connections because some DNS servers do not
handle ipv6 queries very well(MS DNS for example). What appears to happen
WITHOUT the --with-ipv4-default configured, the client requests AAAA
addresses but does not try a regular A record until it gets a response from
one of the AAAA probes. Unfortunately for some network/dns setups, the DNS
Server does not send an not found response until the DNS lookup times out
on the server, which delays the client lookup.
I hope you start enabling --with-ipv4-default again for both openssh and
openldap, as I have to recompile the packages for all my systems to get
things acceptable again.
The default openssl and openldap packages work fine, so this change was
done during an upgraded version for a single RedHat version(NOT GOOD). An
update should not change any features of a package IMHO, as you take a
chance of breaking someones network if the change does not work for everyone.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.install redhat7.1 and update openssl and openldap packages
2.install MSDNS and point the resolv.conf of the client to the MSDNS server
for lookups. Make sure MSDNS server can resolve internet domain names.
3.try connecting with openssh client to a server name that is hosted
somewhere on the internet. You will see a 30 second delay while the client
sends AAAA probes, and then it will finally try an A record and get the
Actual Results: Client connection delayed for 30 seconds.
Expected Results: Client should have tried the A at the same time as the
AAAA records, or try an A record first and not wait 30 seconds to try an A
Could you please retest with current Fedora Core distribution?
No response, please reopen if still happens with a current FC/RHEL release.