[avahi] problem with nss_mdns4 doing long timesouts looking up dotted decimals

Norman Ramsey nr at eecs.harvard.edu
Fri Mar 23 13:08:49 PDT 2007

 > On Sat, 10.03.07 12:20, Norman Ramsey (nr at eecs.harvard.edu) wrote:
 > > With a recent update, it now takes me 10 or 15 seconds to do any opeation
 > > involving ssh.  Using strace, I believe I've tracked the problem 
 > > to avahi's lair.  Here's a fragment of an strace: the NSS opens
 > > libness_mdns4, which connects to an avahi-daemon socket and asks it to
 > > resolve a dotted-decimal address.  It takes 5 seconds to time out
 > > (i.e., it takes 5 seconds for the read() to complete).  For reasons I
 > > don't understand, ssh does this lookup *twice* to make a connection.
 > > Result: every little remote cvs operation comes with a 10-second
 > > delay.  This is driving me crazy; can anyone think of a workaround?
 > If nsswitch.conf is configured correctly (and yours appears to be),
 > this timeout should only happen if no DNS reverse name is configured
 > for that IP address, and neither a mDNS reverse name.

Very odd.  There is a DNS server built into my firewall and this is
probably causing the problem.

 > There are several way to work around this:
 > 1) Remove the final "mdns4" from the nsswitch.conf line. This will
 >    disable reverse mDNS lookups for all IP addresses outside the
 > range. 

If I remove mdns4, will the earlier mdns4_minimal be sufficient to
identify hosts in the .local domain on the same LAN segment?

 > The current default behaviour does its best to avoid this timeout, by
 > putting the DNS lookups first, but you're still bitten because your
 > DNS doesn't include proper mappings for this IP address.

Yes.  I blame Bill Gates (the firewall is made by Microsoft).

Thanks so much for the workarounds!


More information about the avahi mailing list