xinetd delays in in.rshd responses (cluster problem, long)
Tim Prendergast
fc at haxorwear.com
Tue Nov 8 18:27:23 UTC 2005
There is also no iptables installed, so firewall is out of the equation.
There should be no DNS involved because every host it talks to in the
process is in the /etc/hosts file, and the /etc/host.conf is 'order
hosts,bind'. My /etc/nsswitch.conf has files then dns listed as the args
after hosts... Technically, this should disable any lookups outside of
resolving in the hosts file for everything in the hosts file. We all know
that isn't always the case, which is why I'm asking here on the list. TCP
wrappers should be minimal, considering I just opened up a ALL:ALL in
hosts.allow to eliminate that possibility.
-Tim
----- Original Message -----
From: "Les Mikesell" <lesmikesell at gmail.com>
>
> Yes IDENT is normally fast if it either completes or isn't running
> and you get an ICMP rejection. The thing that might have made
> it slow would be if you had a firewall dropping the packets
> so you'd get a timeout instead. Another thing that happens
> during a connection is a reverse DNS lookup to log the
> connecting host name and perhaps a check against hosts.allow
> and hosts.deny. How fast does your DNS respond?
>
> --
> Les Mikesell
More information about the users
mailing list