I sometimes use PuTTY as a SOCKS proxy, and I've noticed that sometimes, when the web-page I'm trying to connect to (from the web-browser) does not exist, and requires a prolonged timeout, the shell session stalls (cannot type interactively in the terminal until the timeout is reached), and also all other web-page requests stall, too.
I've recently noticed that this appears to be related to DNS: right now, it would seem like the servers specified on the sshd side in /etc/resolv.conf are having some issues, and, as a result, it's nearly impossible to browse the internet through a PuTTY SOCKS proxy, and also the PuTTY terminal is stalled almost all the time when any web browsing is unsuccessfully attempted.
The following error frequently appears in PuTTY logs, after which the stalling appears to stop for a little while:
2014-01-11 17:12:03 Forwarded connection refused by server: Administratively prohibited [open failed]
Normally, this is what I see in the logs instead, which gives me the impression that my SOCKS-enabled browser doesn't even know which IP-address the SOCKS proxy will connect it to:
2014-01-11 17:18:11 Opening forwarded connection to superuser.com:80
Changing the DNS server around the ssh daemon would only be a temporary solution, which would not address the underlying issue with OpenSSH / PuTTY stalling in these situations. (Not using hostnames through SOCKS would seem to be wrong, too.)
Is there any way to mitigate the ssh stalling for good?
(At the very minimum, it would seem like sshd should be more aggressive in timing out DNS, and retrying with another server. I have several servers specified in /etc/resolv.conf, and dig seems to re-issue the request to the next server after exactly 1s, which seems more appropriate than what sshd appears to be doing.)