freebsd stable - Oct 2005 - Hosts/dns contention in FBSD 5.4

I have sytems both at home and at work running FreeBSD 5.4 
release with a more or less standard installation. 

Both systems are connected to internet routers via a nics;
and under normal circumstances all works fine -- or at least 
seems to be working fine. In both cases there are other 
computers connected via LAN.

But if the internet connection breaks -- e.g. the routers crash
or the ISP connection fails for some reason then trying to ssh 
into the machine from another local machine is a problem -- 
either timing out our taking a very very long time.

With the internet connection down I notice a similar problem when
booting in the sendmail script.

Now it is my understanding that resolution of host names should 
determine from /etc/host.conf and/or /etc/nsswitch.conf whether 
to first try /etc/host or the dns server addressed by 
/etc/resolv.conf

I believe these should give preference to /etc/hosts but 
never-the-less things get stuck when the dns server can't be 
reached.

************/etc/host.conf****************
# Auto-generated from nsswitch.conf, do not edit
hosts
bind

************/etc/nsswitch.conf************
group: compat
group_compat: nis
hosts: files dns
networks: files
passwd: compat
passwd_compat: nis
shells: files

Am I missing something? (Probably)
Is this behaviour normal?
Can the lockups be avoided?

Any help, ideas or clarification would be appreciated.

Malcolm Kay

When the DNS can't be reached you need to have the
server's host name in your local-LAN accessing
client's hosts file.  Either way, the client hosts
file will be checked first before DNS access (this is
true for Windows OSs at least), so because of this you
can use any name in your local client, i.e., a NetBIOS
name for example (non-dotted up to 15-character,
etc.).

BZAG
===============

--- Malcolm Kay <malcolm.kay@internode.on.net> wrote:
> I have sytems both at home and at work running
> FreeBSD 5.4 
> release with a more or less standard installation. 
> 
> Both systems are connected to internet routers via a
> nics;
> and under normal circumstances all works fine -- or
> at least 
> seems to be working fine. In both cases there are
> other 
> computers connected via LAN.
> 
> But if the internet connection breaks -- e.g. the
> routers crash
> or the ISP connection fails for some reason then
> trying to ssh 
> into the machine from another local machine is a
> problem -- 
> either timing out our taking a very very long time.
> 
> With the internet connection down I notice a similar
> problem when
> booting in the sendmail script.
> 
> Now it is my understanding that resolution of host
> names should 
> determine from /etc/host.conf and/or
> /etc/nsswitch.conf whether 
> to first try /etc/host or the dns server addressed
> by 
> /etc/resolv.conf
> 
> I believe these should give preference to /etc/hosts
> but 
> never-the-less things get stuck when the dns server
> can't be 
> reached.
> 
> ************/etc/host.conf****************
> # Auto-generated from nsswitch.conf, do not edit
> hosts
> bind
> 
> ************/etc/nsswitch.conf************
> group: compat
> group_compat: nis
> hosts: files dns
> networks: files
> passwd: compat
> passwd_compat: nis
> shells: files
> 
> Am I missing something? (Probably)
> Is this behaviour normal?
> Can the lockups be avoided?
> 
> Any help, ideas or clarification would be
> appreciated.
> 
> Malcolm Kay
> 
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
>
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to
> "freebsd-stable-unsubscribe@freebsd.org"
>

On Wed, 5 Oct 2005 01:13 am, Spartak Radchenko wrote:
> On Wed, Oct 05, 2005 at 12:50:26AM +0930, Malcolm Kay wrote:
> [...]
>
> > But if the internet connection breaks -- e.g. the routers
> > crash or the ISP connection fails for some reason then
> > trying to ssh into the machine from another local machine is
> > a problem -- either timing out our taking a very very long
> > time.
>
> Add sshd_flags="-u0" in /etc/rc.conf.
A great thought; but unfortunately it doesn't seem to help.

Thanks,
Malcolm Kay

On Wed, 5 Oct 2005 11:06 am, Jeremy Bogan wrote:
> You could try running a caching DNS server locally, DjbDNS is
> simple to setup and get going.
>
Yes, I have thought that maybe a local simple caching dns 
server would help; and if I can't otherwise fix the problem 
I'll give it a go. And I appreciate your suggestion of 
DjbDNS.

It does seem however that this should not be necessary.

Thanks,
Malcolm Kay
> On 05/10/2005, at 1:20 AM, Malcolm Kay wrote:
> > ...
> > But if the internet connection breaks -- e.g. the routers
> > crash or the ISP connection fails for some reason then
> > trying to ssh into the machine from another local machine is
> > a problem -- either timing out our taking a very very long
> > time.
> > ...

On 05/10/2005, at 1:20 AM, Malcolm Kay wrote:
> ...
> But if the internet connection breaks -- e.g. the routers
> crash or the ISP connection fails for some reason then
> trying to ssh into the machine from another local machine is
> a problem -- either timing out our taking a very very long
> time.
I had this same problem before and was advised to change 

#UseDNS yes

to no in sshd_config

It did help.

Good luck
Robert