Thanks a lot to all of you for your valuable hints. So I tried some more and found that traceroute and ping show the same symptoms, i.e. first call takes 5 seconds. However, traceroute -4 and ping -4 always respond immediately. So, searching for "linux dns lookup takes long ipv4" brought me to https://askubuntu.com/a/32312 on AskUbuntu that suggested adding
options single-request to /etc/resolv.conf. And wow, this did the trick. So, according to the page linked there, I'm maybe having to do with a DNS Server or Firewall that doesn't handle the parallel IPv4 and IPv6 requests properly... I'll check with my IT. Thank you again, folks. Andy On 31 May 2018 at 16:54, Achilleas Mantzios <ach...@matrix.gatewaynet.com> wrote: > On 28/05/2018 17:26, Andreas Schmid wrote: > > Hi, > > I configured my PostgreSQL 10 DB on Debian 9.2 with LDAP authentication > (simple bind mode). While this basically works, it has the strange effect > that the first login with psql takes around 5 seconds. When I reconnect > within 60 seconds, the login completes immediately. > > The LDAP server is behind a firewall. So for a test, in pg_hba.conf I put > the LDAP servers IP address instead of its DNS name (for parameter > ldapserver). Like that, all logins complete immediately. But in general I > prefer specifying the DNS name rather than the IP. > > When I checked on the DB machine with the following commands > host my.ldap.server.org > dig my.ldap.server.org > both always returned the host name and IP address of the LDAP server > immediately. > > Does anyone of you have an explanation for this, or a hint, where I could > do some further investigation? > > IPv4 vs IPv6 ? any strange timeouts? look in the postgresql logs for any > messages. > Also definitely ran wireshark, it'll tell you a lot on what's happening > between postgresql and your LDAP . > > > Thanks, > Andy > > > -- > Achilleas Mantzios > IT DEV Lead > IT DEPT > Dynacom Tankers Mgmt > >
