Delay in name-based SSH connection to router

Hello,
i'm facing a strange issue that i can't sort out.
When i connect via SSH to my router, if i do it via the ip address, it is immediate, but if i do it via the dns name of the router, it takes 5-6 seconds.
I'm wondering if this can be related to the fact that the router has 4 internal IPs (different subnets and vlans) and the DNS server (the router itself) is retourning one of these, but never the correct one (the one on LAN, where i'm calling from), and the SSH connection is bound to LAN. I assume is going to timeout after a while and connecting to the residual ip..
If you don't have specific ideas (i do not..), i'd ask if there's a way to force the DNS server to answer the IP in the same calling subnet..

In my case, the router in the LAN is 192.168.1.1, but this is the answer from 3 consecutive ping:

PS C:\Users\Massi> ping rutto.lan
Esecuzione di Ping rutto.lan [10.0.99.1] con 32 byte di dati:
Risposta da 10.0.99.1: byte=32 durata=1ms TTL=64

PS C:\Users\Massi> ping rutto.lan
Esecuzione di Ping rutto.lan [192.168.111.1] con 32 byte di dati:
Risposta da 192.168.111.1: byte=32 durata=1ms TTL=64

PS C:\Users\Massi> ping rutto.lan
Esecuzione di Ping rutto.lan [10.0.0.1] con 32 byte di dati:
Risposta da 10.0.0.1: byte=32 durata=2ms TTL=64

Indeed, it has 4 addresses:

PS C:\Users\Massi> nslookup rutto
Server:  RUTTO.lan
Address:  fd96:b8e2:2f12::1
Nome:    rutto.lan
Addresses:  fd96:b8e2:2f12::1
          10.0.99.1
          192.168.111.1
          10.0.0.1
          192.168.1.1

Thanks!

you're not running openssh instead of the busybox ssh, by any chance ?

i'd say no :slight_smile:

BusyBox v1.36.1 (2023-11-24 13:02:29 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 23.05-SNAPSHOT, r23636-d6b62611b8
 -----------------------------------------------------

but i have openssh sftp server installed..

I have this symptom also but I would say it is the same on both uhttpd (luci) and ssh.

https://forum.openwrt.org/t/solved-dhcp-not-assigning-static-addresses
I found this kind of dhcp setup a while ago where the user made a setup with one dnsmasq config for every vlan with it’s own domain definition (not really the tread topic but look at the dhcp config input).
I found the solution very interesting for this problem we have but not really mentioned in the wiki. But I have been busy lately so I haven’t had time to test if it is a meaningful solution for the problem.

i've been using openwrt for years and never had this issue, honestly i'd avoid this sort of complicateness with no reason..

You already have a 4 vlan setup so you are above and beyond this step already.

This becomes so much easier if you start by telling us the answer you want so we then can ask the question.

But I don’t understand, you have defined the problem with dnsmasq being erratic where to look but you also don’t want to tell dnsmasq where to look?

Sorry, i understand my answer could sound bad :slight_smile:
my point is that i've been using OWRT for years with this setup (VLANs speaking) and having no issues with a single dnsmasq instance, so to me this is not "the solution", could be (maybe?) a workaround.
I could be wrong since this is not "breaking" something (it is just slowing things down), but this could be sourced as soon as i moved from my old R7800 to a new x86 based box (virtualized under proxmos, so yes, i'm already beyond the step of complicateness :slight_smile: )
i'm just wondering why dnsmasq is returning all the ip not belonging to the calling lan, this seems to have no sense at all..

The issue is getting stranger :slight_smile:
definitely the "lag" in connection is sourced by this topic. If i force in the hosts file the correct ip, ssh connects immediately.
This should be exactly what the localise_queries option does:

Return answers to DNS queries matching the subnet from which the query was received if multiple IPs are available.

Now the strange part: on my windows box i have a WSL (to build OWRT images, inter alia) and this linux box pings always the correct ip!
It's windows that is pinging the wrong one!
This is linux:

massi@greenbook:~/official$ nslookup rutto.lan
Server:         172.28.32.1
Address:        172.28.32.1#53

Non-authoritative answer:
Name:   rutto.lan
Address: 192.168.1.1
Name:   rutto.lan
Address: 10.0.0.1
Name:   rutto.lan
Address: 10.0.99.1
Name:   rutto.lan
Address: 192.168.111.1
Name:   rutto.lan
Address: fd96:b8e2:2f12::1

massi@greenbook:~/official$ ping rutto.lan
PING rutto.lan (192.168.1.1) 56(84) bytes of data.
64 bytes from mqttBroker.lan (192.168.1.1): icmp_seq=1 ttl=63 time=1.42 ms
^C
--- rutto.lan ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.417/1.417/1.417/0.000 ms
massi@greenbook:~/official$ ping rutto.lan
PING rutto.lan (192.168.1.1) 56(84) bytes of data.
64 bytes from mqttBroker.lan (192.168.1.1): icmp_seq=1 ttl=63 time=1.42 ms
^C
--- rutto.lan ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.424/1.424/1.424/0.000 ms

and this is windows:

PS C:\Users\Massi> nslookup rutto.lan
Server:  RUTTO.lan
Address:  fd96:b8e2:2f12::1

Nome:    rutto.lan
Addresses:  fd96:b8e2:2f12::1
          10.0.0.1
          10.0.99.1
          192.168.111.1
          192.168.1.1

PS C:\Users\Massi> ping rutto.lan

Esecuzione di Ping rutto.lan [10.0.99.1] con 32 byte di dati:
Risposta da 10.0.99.1: byte=32 durata=2ms TTL=64

Statistiche Ping per 10.0.99.1:
    Pacchetti: Trasmessi = 1, Ricevuti = 1,
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 2ms, Massimo =  2ms, Medio =  2ms
Control-C
PS C:\Users\Massi> ping rutto.lan

Esecuzione di Ping rutto.lan [192.168.111.1] con 32 byte di dati:
Risposta da 192.168.111.1: byte=32 durata=2ms TTL=64

Statistiche Ping per 192.168.111.1:
    Pacchetti: Trasmessi = 1, Ricevuti = 1,
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 2ms, Massimo =  2ms, Medio =  2ms
Control-C
PS C:\Users\Massi> ping rutto.lan

Esecuzione di Ping rutto.lan [10.0.0.1] con 32 byte di dati:
Risposta da 10.0.0.1: byte=32 durata=1ms TTL=64

Statistiche Ping per 10.0.0.1:
    Pacchetti: Trasmessi = 1, Ricevuti = 1,
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 1ms, Massimo =  1ms, Medio =  1ms
Control-C

same nslookup (at least :slight_smile: ) but very different ping behaviour!

Edit to add: seems a consistent behaviour. All my linux VM in different subnets resolves the router ip to the correct one (the one belonging to the same subnet)
and another windows box is showing the same resolution issue. Seems a windows problem, but i'd never encountered this. Ideas?

Don’t think we have any official support for proxmox

it is the officially supported x86 image, nothing strange.

Yea, but proxmox run is not a hardware run image and that means a lot of services are sharing the network hardware..

You'll get an idea of what's causing the delay if you run:

ssh -vv root@rutto.lan

good catch @greem
As expected, this is exactly where the issue comes from

PS C:\Users\Massi> ssh -vv root@rutto.lan
OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug2: resolving "rutto.lan" port 22
debug1: Connecting to rutto.lan [10.0.99.1] port 22.
debug1: connect to address 10.0.99.1 port 22: Connection refused
debug1: Connecting to rutto.lan [192.168.111.1] port 22.
debug1: connect to address 192.168.111.1 port 22: Connection refused
debug1: Connecting to rutto.lan [10.0.0.1] port 22.
debug1: connect to address 10.0.0.1 port 22: Connection refused
debug1: Connecting to rutto.lan [192.168.1.1] port 22.
debug1: Connection established.

do you think i can set the priority of ip addresses in dnsmasq?

i found a client side fix that works (a registry entry)

however, i'm still wondering if server side this is the correct behavior.
anyone with a multi-ip router can confirm that windows is resolving what it wants? :slight_smile:

You can add fixed dns record to override generated default with all ips.