From 3cd5103c1e1aaa59bd66f7f52f6ebbcd5deb12f9 Mon Sep 17 00:00:00 2001
From: "deraadt@openbsd.org" <deraadt@openbsd.org>
Date: Mon, 2 Feb 2015 01:57:44 +0000
Subject: [PATCH] upstream commit

increasing encounters with difficult DNS setups in
 darknets has convinced me UseDNS off by default is better ok djm
---
 servconf.c    | 4 ++--
 sshd_config   | 4 ++--
 sshd_config.5 | 6 +++---
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/servconf.c b/servconf.c
index 475076bf2..318546290 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.259 2015/01/16 06:40:12 deraadt Exp $ */
+/* $OpenBSD: servconf.c,v 1.260 2015/02/02 01:57:44 deraadt Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -308,7 +308,7 @@ fill_default_server_options(ServerOptions *options)
 	if (options->max_sessions == -1)
 		options->max_sessions = DEFAULT_SESSIONS_MAX;
 	if (options->use_dns == -1)
-		options->use_dns = 1;
+		options->use_dns = 0;
 	if (options->client_alive_interval == -1)
 		options->client_alive_interval = 0;
 	if (options->client_alive_count_max == -1)
diff --git a/sshd_config b/sshd_config
index e9045bc4d..c9042ac3c 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
+#	$OpenBSD: sshd_config,v 1.94 2015/02/02 01:57:44 deraadt Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -112,7 +112,7 @@ UsePrivilegeSeparation sandbox		# Default for new installations.
 #Compression delayed
 #ClientAliveInterval 0
 #ClientAliveCountMax 3
-#UseDNS yes
+#UseDNS no
 #PidFile /var/run/sshd.pid
 #MaxStartups 10:30:100
 #PermitTunnel no
diff --git a/sshd_config.5 b/sshd_config.5
index 4fd93d68e..cf57c609f 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.191 2015/01/22 21:00:42 jmc Exp $
-.Dd $Mdocdate: January 22 2015 $
+.\" $OpenBSD: sshd_config.5,v 1.192 2015/02/02 01:57:44 deraadt Exp $
+.Dd $Mdocdate: February 2 2015 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1379,7 +1379,7 @@ should look up the remote host name and check that
 the resolved host name for the remote IP address maps back to the
 very same IP address.
 The default is
-.Dq yes .
+.Dq no .
 .It Cm UseLogin
 Specifies whether
 .Xr login 1