Symptom: customer complains about slow response to SSH server running on one Centos box
Method: perform packet capture on the SSH server.
Finding: DNS query fails during establishing SSH session
When folllow the TCP session for SSH login packet caoture, see the below:
During packet 17 and 24, there is about 10 seconds gap.
Go back to the whole packet capture, find the below between packet 17 and 24. We can see multiple DNS query but no response
After checking the Linux/Centos doc, we found that SSH server by default will check the DNS for the source IP of ssh client before the SSH session can be established. The DNS query failure introuduces the 10seconds delay before the SSH server responses to the client
Temp fix: disbale DNS query in the sshd_config.
Long term fix: fix the DNS query issue.