HPE Community
Operating System - HP-UX
1847343 Members
1736 Online
110264 Solutions
New Discussion

telnet prompt very slow

 
jpcast_real
Regular Advisor

‎10-01-2004 02:48 AM

‎10-01-2004 02:48 AM

telnet prompt very slow

Hello,


I have a problem when a try to login a to an HP-UX system . It seems that the telnetd process makes a reverse lookup because it takes a long time until the login screen appears . If I introduce the client IP in the host file of the hp-ux system , it goes really fast . The problem is that I must disable this test because it takes too much time.

Can anyone help me???
Here rests one who was not what he wanted and didn't want what he was
0 Kudos
Reply
11 REPLIES 11
RAC_1
Honored Contributor

‎10-01-2004 02:56 AM

‎10-01-2004 02:56 AM

Re: telnet prompt very slow

How is your name resolution configured???
Check /etc/nsswitch.conf file.

Check DNS config for the host. Is reverse dns lookup OK for host??

How is /etc/resolv.conf configured???

Anil
There is no substitute to HARDWORK
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎10-01-2004 02:59 AM

‎10-01-2004 02:59 AM

Re: telnet prompt very slow

Hi Javier,

Try adding the following two lines and see if they help you.

retrans 500
retry 2

The above will timeout the server lookup after 500 ms after 2 tries.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎10-01-2004 03:02 AM

‎10-01-2004 03:02 AM

Re: telnet prompt very slow

I mean in resolv.conf..

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
jpcast_real
Regular Advisor

‎10-01-2004 03:03 AM

‎10-01-2004 03:03 AM

Re: telnet prompt very slow

This is my nsswitch configuration .

The main problem is that I can not control the IPs a clients names which try to connect to my system so the only possibility is to disable the reverse lookup in the DNS ...

Where do I have to add the retarns timeouts?? In which files??


Porthos:/home/jpcast> more /etc/nsswitch.conf
#
# /etc/nsswitch.hp_defaults:
#
# @(#)B.11.11_LR
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses NIS (YP) in conjunction with files.
#

hosts: files [NOTFOUND=continue] dns [NOTFOUND=return]
Here rests one who was not what he wanted and didn't want what he was
0 Kudos
Reply
RAC_1
Honored Contributor

‎10-01-2004 03:06 AM

‎10-01-2004 03:06 AM

Re: telnet prompt very slow

You use /etc/hosts and then DNS for name resolution for hosts. So if they are not in hosts file, you will have to take care of DNS only. Reverse lookup shold be set correctly in DNS then.

The parameters than Shridhar told are to be put in /etc/resolv.conf. For details on those parameters check the man page of resolver. (man 4 resolver)

Anil
There is no substitute to HARDWORK
0 Kudos
Reply
jpcast_real
Regular Advisor

‎10-01-2004 03:12 AM

‎10-01-2004 03:12 AM

Re: telnet prompt very slow

I have added them in the resolv.conf but I do not find any change :

Porthos:/etc> more /etc/resolv.conf
domain sate2.com.
search sate2.com. device.sate2.com.
retrans 500
retry 2

When I take out the IP of the client from the /etc/hosts file it takes a lot...
Here rests one who was not what he wanted and didn't want what he was
0 Kudos
Reply
Mark Greene_1
Honored Contributor

‎10-01-2004 05:29 AM

‎10-01-2004 05:29 AM

Re: telnet prompt very slow

Yes, telnet does a reverse look-up. You cannot disable this. You said: "If I introduce the client IP in the host file of the hp-ux system , it goes really fast" and this is correct.

You'll have to make reverse DNS entries for each client that you want to give access to.

mark
the future will be a lot like now, only later
0 Kudos
Reply
jpcast_real
Regular Advisor

‎10-03-2004 06:08 PM

‎10-03-2004 06:08 PM

Re: telnet prompt very slow

but my main problem is that all the users who connect to the HP-UX system do it from an external network where a DHCP server gives them an IP address . I can not control the IP address of the users who are trying to connect to the server .

Apart from this there is another problem . This server is an slave server in a DNS structure . When primary server is running everything works fine and I do not have problems at all with the reverse lookup . When I shutdown the named process in the primary DNS server my problems start . Slave DNS server is still working , nslookup also , but I do not understand why the reverse lookup takes so much time. I have upgraded to bind 9 and included bigger TTL times in the zones but the problem is the same . When the primary server is stopped , name resolution works ok but telnet and ftp access is extremely slow..

I would appreciate your comments.

Here rests one who was not what he wanted and didn't want what he was
0 Kudos
Reply
jpcast_real
Regular Advisor

‎10-03-2004 08:37 PM

‎10-03-2004 08:37 PM

Re: telnet prompt very slow

Finally , telnet is much faster introducing the changes

retrans 500
retry 2

I introduced the changes but I didnt't feel the improvement until I rebooted the system. I thought that making changes in resolv.conf didn't need a reboot...???

Thanks a lot..
Here rests one who was not what he wanted and didn't want what he was
0 Kudos
Reply
Mike Patterson
Frequent Advisor

‎10-04-2004 10:00 AM

‎10-04-2004 10:00 AM

Re: telnet prompt very slow

I can verify that slow telnet HP-UX login prompts can definitely be caused by a DNS server failing to promptly provide reverse lookups. We run Cisco Network Registrar (CNR) DNS servers. If the reverse lookup indexes become corrupt on the primary DNS, then prompts get real slow. Eventually, the secondary DNS kicks in and the prompt appears. We rebuild the CNR reverse lookup indexes to fix the problem. My followup question is this: why don't our other systems running other brands of UNIX experience the slow telnet logins under these conditions? (SSH will replace telnet as resources allow.) Thanks in advance.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎10-04-2004 12:56 PM

‎10-04-2004 12:56 PM

Re: telnet prompt very slow

There is no way to disable the reverse lookups (given an IP address, find the hostname). This is a security protocol to make sure that the device trying to gain access is authorized. DNS is very important to the security and stability of your network so every authorized computer should have reverse lookup records. It is very common for PC-based DNS servers to forget this part of DNS records. And of you need HP-UX email capability, the DNS server must also supply MX records for mail hosts.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.