
(long) tcpd compilation options and forced reverse lookup



  Hi all,

  here is a problem I encounter quite often using Debian computers. I'd like to know if it's a configuration problem on my side or if it's a generic problem:

  * Two hosts, host1 and host2 have internet connection but the DNS is down for some reason (for example mobile computers, or ppp link down etc...)
  * One host "host1", 192.168.6.1, tries to access the FTP server "host2" on 192.168.6.2. host1 and host2 are both in each other's /etc/hosts file.

 Here is what happens:

host1# ftp host2
  <wait a lot because host1 is trying to reverse-lookup 192.168.6.2>
Connected to host2
  <wait again because host2 is trying to reverse-lookup 192.168.6.1>
ftp>

  When I run a tcpdump I can see the DNS reverse-queries on 192.168.X.X. The result is a one-minute++ pause between "ftp" and the connection (same problem with telnet etc...)
 
  I do not want to restart the thread about ALL:PARANOID that went on here some time ago, but it seems to me that this is all caused by tcpd:

  One of the compilation options of TCPD is to force it to do a reverse-lookup on all hosts matching in hosts.allow and hosts.deny (independently from the PARANOID option): this is actually the default option and I have the impression that it is compiled like this into the Debian version.

  My question: is it possible to change this compilation option to disable this systematic reverse-lookup? Forcing reverse-lookups like this is not very efficient and on top of it people can always enable ALL:PARANOID if they want. The current situation even does reverse-lookups on hosts present in "/etc/hosts" (even localhost, see bottom of the email).

Look at this:

# ftp localhost
Connected to localhost.
220 host1.localnet FTP server (Version wu-2.6.1(1) Sat Feb 24 01:43:53 GMT 2001) ready.
Name (localhost:lafargue): 

And TCPDUMP, during that time, on my LAN:

15:47:34.167278 host1.32842 > DNS.53:  60333+ PTR? 1.0.0.127.in-addr.arpa. (40) (DF)
15:47:34.172693 DNS.53 > host1.32842:  60333* 1/1/1 PTR[|domain] (DF)
15:47:34.173476 host1.32842 > DNS.53:  60334+ A? localhost. (27) (DF)
15:47:34.178373 DNS.53 > host1.32842:  60334 1/1/1 A 127.0.0.1 (73) (DF)

  A bit silly, isn't it? I'd be interested to know if I'm doing something wrong in my configuration, btw... Then I'm the one who would look silly :)

Edouard
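The trace above shows how to spot the behaviour being discussed: a PTR query leaving the host for an address that /etc/hosts already answers. The following script is an added example, not part of Edouard's message or of the tcpd/tcp_wrappers sources; it reads tcpdump lines in the same format as the trace in the post and an /etc/hosts-style file, and reports every reverse lookup whose target address is already in the hosts file. Both inputs are constructed samples (the addresses and names follow the post; the extra lines, including the 192.0.2.10 external address, are made up for the example), and the function and variable names are the author's own choices.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: an /etc/hosts file like the one the post describes
# (host1 and host2 in each other's hosts file, plus localhost).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
192.168.6.1 host1 host1.localnet
192.168.6.2 host2 host2.localnet
"""

# Constructed sample: tcpdump lines in the format of the trace in the post.
# The last two lines are invented; 192.0.2.10 is a documentation-range address
# standing in for a host that is NOT in /etc/hosts.
SAMPLE_TCPDUMP = """\
15:47:34.167278 host1.32842 > DNS.53:  60333+ PTR? 1.0.0.127.in-addr.arpa. (40) (DF)
15:47:34.172693 DNS.53 > host1.32842:  60333* 1/1/1 PTR[|domain] (DF)
15:47:34.173476 host1.32842 > DNS.53:  60334+ A? localhost. (27) (DF)
15:47:34.178373 DNS.53 > host1.32842:  60334 1/1/1 A 127.0.0.1 (73) (DF)
15:48:01.000000 host1.32843 > DNS.53:  60335+ PTR? 2.6.168.192.in-addr.arpa. (44) (DF)
15:48:02.000000 host1.32844 > DNS.53:  60336+ PTR? 10.2.0.192.in-addr.arpa. (43) (DF)
"""

# Matches an outgoing PTR query and captures the timestamp and the reversed
# octets that precede ".in-addr.arpa." in the query name.
PTR_RE = re.compile(r"^(?P<ts>\S+) .*?PTR\? (?P<arpa>[\d.]+)\.in-addr\.arpa\.")


def parse_hosts(text: str) -> Dict[str, List[str]]:
    """Map each address in an /etc/hosts-style file to the names listed for it."""
    table: Dict[str, List[str]] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        table[fields[0]] = fields[1:]
    return table


def arpa_to_ip(arpa: str) -> str:
    """Turn the reversed octets of an in-addr.arpa name back into dotted-quad form."""
    return ".".join(reversed(arpa.split(".")))


def find_redundant_ptr_queries(tcpdump_text: str,
                               hosts_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (timestamp, ip, names) for every PTR query whose target address
    the local hosts file could already have answered."""
    hosts = parse_hosts(hosts_text)
    hits = []
    for line in tcpdump_text.splitlines():
        m = PTR_RE.search(line)
        if not m:
            continue
        ip = arpa_to_ip(m.group("arpa"))
        if ip in hosts:
            hits.append((m.group("ts"), ip, hosts[ip]))
    return hits


if __name__ == "__main__":
    for ts, ip, names in find_redundant_ptr_queries(SAMPLE_TCPDUMP, SAMPLE_HOSTS):
        print(f"{ts}: reverse lookup of {ip} sent to DNS, but /etc/hosts has {names}")
```

Run against the sample data it flags the localhost query from the post and the query for host2, and leaves the query for 192.0.2.10 alone, since that address is not in the hosts file. On a real machine the same check, fed from tcpdump output, gives a quick count of how many of the slow lookups in the post's scenario are for hosts that /etc/hosts could have answered locally, before deciding whether to change the tcpd build or the hosts.allow/hosts.deny rules.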


