MacOS – Yosemite: ssh slow to connect when using DNS alias

Tags: dns, macos, ssh

Since updating to Yosemite, ssh from my Mac to a DNS alias takes about 7-8 seconds.

I've observed the following on multiple Macs running Yosemite. Assume I have a host name alpha, and a DNS alias to it named aa. The OS of the target doesn't matter.

1) ssh to an unqualified host name alias (CNAME record in DNS), e.g. ssh aa, takes about 7-8 seconds to connect
2) immediately repeating the same ssh command, ssh aa, connects in the "normal" amount of time (< 1s)
3) ssh to a fully qualified host name alias, e.g. ssh aa.example.com, connects in the normal amount of time
4) ssh to a regular host name (A record in DNS), e.g. ssh alpha.example.com, whether qualified or unqualified, connects in the normal amount of time.

When using ssh -vvv, the total delay is in one place:

$ ssh -vv aa
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
    *delay of 7-8 seconds*
debug1: Connecting to aa [10.10.1.2] port 22.
debug1: Connection established.
...

There is no difference in output between any of the 4 scenarios, except for the host name displayed.

This has happened on every release of Yosemite to the current version 10.10.3.

I have searched the web many times, and not found a single reference to this problem. Ideas?

Best Answer

I found a “fix” for this, though it still doesn't explain anything.

In our organization, we have “standard” DNS arranged hierarchically for different sites, just as you would expect. We also have an Active Directory structure that is largely flat. The resolv.conf (actually defined in Network Settings) had my local DNS domain listed as a search domain. I discovered quite by accident that adding the AD domain as a search domain fixes the problem!

So now I have something like:

search mysite.example.com ad.example.com

Now ssh’ing to an unqualified alias takes no more time than any other form of the host name.

Really bizarre, and I have no idea why this fixes it.
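The four scenarios in the question differ only in whether the resolver consults the search list and whether it has to chase a CNAME. The following added example (not code from the question or the answer) simulates that stub-resolver behaviour over a constructed zone: `aa.example.com` is a CNAME to `alpha.example.com`, the search lists and the `NDOTS` default are assumptions for the demo, and the Yosemite delay itself, whose cause the thread leaves open, is not modelled.

```python
# Simulates stub-resolver search-list expansion and CNAME chasing for the
# four host-name forms in the question. The zone is constructed sample data.
ZONE = {
    "aa.example.com.": ("CNAME", "alpha.example.com."),  # the alias
    "alpha.example.com.": ("A", "10.10.1.2"),            # the real host
}
NDOTS = 1  # common default: names with fewer dots try search suffixes first


def candidates(name, search):
    """Query names a resolver tries, in order, for `name`."""
    if name.endswith("."):
        return [name]  # absolute name: the search list is never consulted
    as_is = name + "."
    suffixed = [f"{name}.{dom}." for dom in search]
    if name.count(".") < NDOTS:
        return suffixed + [as_is]  # unqualified: search domains first
    return [as_is] + suffixed      # looks qualified: try it as-is first


def resolve(name, search, zone=ZONE):
    """Return (address, list of names queried); address is None on failure."""
    queries = []
    for cand in candidates(name, search):
        target = cand
        while True:
            queries.append(target)
            rec = zone.get(target)
            if rec is None:
                break  # NXDOMAIN for this candidate, move to the next suffix
            rtype, value = rec
            if rtype == "A":
                return value, queries
            target = value  # CNAME: follow the canonical name
    return None, queries


if __name__ == "__main__":
    # Before and after adding a second search domain, as in the answer.
    for search in (["example.com"], ["example.com", "ad.example.com"]):
        print("search", search)
        for name in ("aa", "aa.example.com", "alpha", "alpha.example.com"):
            addr, queries = resolve(name, search)
            print(f"  {name:18} -> {addr}  via {queries}")
```

Only the unqualified alias `aa` both goes through the search list and needs a CNAME chase, which is why a search-domain change affects that form alone.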