Bug 54663 - updated RH7.1 openssh and openldap packages causing 30 second connection delays
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: openssh   
Version: 7.1
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact:
Depends On:
Reported: 2001-10-15 19:24 UTC by Adam Gibson
Modified: 2007-04-18 16:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-03-31 11:56:41 UTC


Description Adam Gibson 2001-10-15 19:24:25 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010816

Description of problem:
Red Hat has been changing defaults for IPv6 lookups for a few
packages (openssh and openldap).  Some sites will have a 30 second delay
while trying to establish connections because some DNS servers do not
handle IPv6 queries very well (MS DNS for example).  What appears to happen
is that, WITHOUT --with-ipv4-default configured, the client requests AAAA
addresses but does not try a regular A record until it gets a response from
one of the AAAA probes.  Unfortunately for some network/DNS setups, the DNS
server does not send a not found response until the DNS lookup times out
on the server, which delays the client lookup.

I hope you start enabling --with-ipv4-default again for both openssh and
openldap, as I have to recompile the packages for all my systems to get
things acceptable again.

The default openssl and openldap packages work fine, so this change was
done during an upgraded version for a single Red Hat version (NOT GOOD).  An
update should not change any features of a package IMHO, as you take a
chance of breaking someone's network if the change does not work for everyone.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install Red Hat 7.1 and update openssl and openldap packages.
2. Install MSDNS and point the resolv.conf of the client to the MSDNS server
for lookups.  Make sure MSDNS server can resolve internet domain names.
3. Try connecting with openssh client to a server name that is hosted
somewhere on the internet.  You will see a 30 second delay while the client
sends AAAA probes, and then it will finally try an A record and get the
correct IP.

Actual Results:  Client connection delayed for 30 seconds.

Expected Results:  Client should have tried the A at the same time as the
AAAA records, or try an A record first and not wait 30 seconds to try an A

Additional info:
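
Added example, not part of the original report and not OpenSSH or resolver library code: a loopback reproduction of the lookup ordering described above. It assumes a constructed stub DNS server that answers A queries and stays silent on AAAA, a placeholder name `host.example`, a documentation address `192.0.2.10`, and a short client timeout standing in for the 30 seconds.

```python
import socket, struct, threading, time

QTYPE_A, QTYPE_AAAA = 1, 28

def build_query(name, qtype):
    """Minimal DNS question: RD set, one question, class IN."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    return struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def stub_server(sock, stop):
    """Constructed stand-in for the slow server: answers A, stays silent on AAAA."""
    sock.settimeout(0.1)
    while not stop.is_set():
        try:
            pkt, peer = sock.recvfrom(512)
        except socket.timeout:
            continue
        if struct.unpack("!H", pkt[-4:-2])[0] != QTYPE_A:
            continue  # no negative reply is sent, so the client waits out its timeout
        header = pkt[:2] + struct.pack("!5H", 0x8180, 1, 1, 0, 0)
        rr = struct.pack("!3HIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton("192.0.2.10")
        sock.sendto(header + pkt[12:] + rr, peer)

def ask(server, name, qtype, timeout):
    """Send one query; return the IPv4 address from the reply, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), server)
        try:
            return socket.inet_ntoa(s.recv(512)[-4:])
        except socket.timeout:
            return None

def resolve(server, name, order, timeout):
    """Try record types strictly in order; return (address, seconds elapsed)."""
    start = time.monotonic()
    addr = next((a for q in order if (a := ask(server, name, q, timeout))), None)
    return addr, time.monotonic() - start

def demo(timeout=0.5):  # returns [AAAA-first result, A-first result]
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    stop = threading.Event()
    worker = threading.Thread(target=stub_server, args=(srv, stop))
    worker.start()
    try:
        return [resolve(srv.getsockname(), "host.example", order, timeout)
                for order in ((QTYPE_AAAA, QTYPE_A), (QTYPE_A, QTYPE_AAAA))]
    finally:
        stop.set(); worker.join(); srv.close()
```

Both orderings return the same address; only the AAAA-first lookup pays the full client timeout before the A query is sent.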

Comment 1 Tomas Mraz 2005-02-03 09:50:55 UTC
Could you please retest with current Fedora Core distribution?

Comment 2 Tomas Mraz 2005-03-31 11:56:41 UTC
No response, please reopen if it still happens with a current FC/RHEL release.
