A possible fix for slow SSH and Safari domain issues

Jun 22, '05 10:32:00AM

Contributed by: allentown

For the most part, this hint applies to Tiger only, but there may be aspects of it surrounding ssh and connections in general that are good for pre-Tiger as well.

First, lets start with the slow SSH logins. As you may be aware, the Apple Discussion Forums has been getting a little noise about this problem, where ssh'ing into remote machines takes an unusually long amount of time. Between that and other sites, there are several posts where people have this problem, along with varying solutions

I have seen this issue pop up on the openSSH mailing list, and google groups as well, so it is getting more and more attention. Of all the workarounds, none worked for me at all, I was averaging 45 second connection times to servers over ssh. The only constant was Tiger. Linux and pre Tiger had no such problems. If you read the links, you will find varying solutions from editing configuration files to creating local entries in /etc/hosts. Again, none worked for me.

I was starting to get down and dirty and poking around in tcpdump to see what was really going on. It appears a massive amount of DNS lookups are happning, in general, I was seeing 30 or more lookups to get to the final host, where DNS was traversing every hostname and every reverse of that hostname looking for a response. In my case, Comcast just does not like to reply for reverse DNS at all.

I am leaning on it being related to problems with IPv6, cheaper home style routers, and certain ISP's that are not playing nice with reverse DNS and IPv6, though I can not be 100% sure. I can say that one way to resolve it, is for me to use my own DNS server at my collocation facility, which I know is configured correctly and can handle the lookups. I was not entirely happy to do this as I like to use my connection ISP's DHCP supplied DNS so I know I am getting to sites that everyone else is getting to.

With the background on that slow SSH issue explained, there is also a new problem many are having with Safari. You used to be able to type in "domain", where domain may be "macosxhints", "apple", "amazon" etc, and Safari was smart enough to start looking up the .com, then .net versions of those sites ... generally taking you to the first hit. A number of people, myself included, were ending up at pages that had nothing to do with the site we were used to arriving at. There definitely seems to be a trend in this affects Comcast users the most, but it also affects others as well.

Finally, I started poking around in TCP/IP settings and wanted to know what the heck the "Search Domains" field was for. For the first time in my life, I decided to use Apple Help and it found a result... Here is what it has to say:

You can use search domains to avoid typing the complete address of Internet domains you use frequently. The search domains you enter in your Network preferences are automatically appended to names you type in Internet applications. For example, if you specify the search domain apple.com, typing "store" in your web browser takes you to store.apple.com. Or, if you use campus.university.edu as a search domain, you can type "server1" in the Finder's Connect To Server dialog to connect to server1.campus.university.edu.
And that is the solution to all my problems, and the basis of this hint. Simply enter in .com as the search domain, and click "Apply Now". For me, that cured my Safari issues and my slow SSH issues.

Some people may already have something in that field; I notice that Airport Admin Utility, on some networks, auto fills it in with .com or sometimes the ISP's host name. In those cases, I am betting those are the lucky users who are not affected by this. Others not affected would include those with smarter routers, ie: not a Linksys sub-$100.00 product, those with control of their own DNS, and of course, those who are sitting in just the right phase with the moon.

If anything, this should keep Safari from dropping you into domain registrar page holder sites. For me, though, it was a two-fold solution and fixed my slow SSH issues as well

Comments (11)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20050608020340547