(long) tcpd compilation options and forced reverse lookup
Hi all,
here is a problem I encounter quite often using debian computers. I'd like to know if it's a configuration problem on my side or if it's a generic problem:
* Two hosts, host1 and host2, have an internet connection but the DNS is down for some reason (for example mobile computers, or ppp link down, etc.)
* One host, "host1" (192.168.6.1), tries to access the FTP server "host2" on 192.168.6.2. host1 and host2 are both in each other's /etc/hosts file.
Here is what happens:
host1# ftp host2
<wait a lot because host1 is trying to reverse-lookup 192.168.6.2>
Connected to host2
<wait again because host2 is trying to reverse-lookup 192.168.6.1>
ftp>
When I run a tcpdump I can see the DNS reverse-queries on 192.168.X.X. The result is a one-minute++ pause between "ftp" and the connection (same problem with telnet, etc.)
I do not want to restart the thread about ALL:PARANOID that went on here some time ago, but it seems to me that this is all caused by tcpd:
One of the compilation options of TCPD is to force it to do a reverse-lookup on all hosts matching in hosts.allow and hosts.deny (independently from the PARANOID option): this is actually the default option and I have the impression that it is compiled like this into the debian version.
My question: is it possible to change this compilation option to disable this systematic reverse-lookup? Forcing reverse-lookups like this is not very efficient, and on top of it people can always enable ALL:PARANOID if they want. The current situation even does reverse-lookups on hosts present in "/etc/hosts" (even localhost, see bottom of the email).
Look at this:
# ftp localhost
Connected to localhost.
220 host1.localnet FTP server (Version wu-2.6.1(1) Sat Feb 24 01:43:53 GMT 2001) ready.
Name (localhost:lafargue):
And TCPDUMP, during that time, on my LAN:
15:47:34.167278 host1.32842 > DNS.53: 60333+ PTR? 1.0.0.127.in-addr.arpa. (40) (DF)
15:47:34.172693 DNS.53 > host1.32842: 60333* 1/1/1 PTR[|domain] (DF)
15:47:34.173476 host1.32842 > DNS.53: 60334+ A? localhost. (27) (DF)
15:47:34.178373 DNS.53 > host1.32842: 60334 1/1/1 A 127.0.0.1 (73) (DF)
A bit silly, isn't it? I'd be interested to know if I'm doing something wrong in my configuration, btw... Then I'm the one who would look silly :)
Edouard
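An added example, not from the post: a small Python audit script that parses tcpdump lines in the format quoted above, reconstructs the address behind each PTR query, flags lookups of loopback or RFC 1918 addresses that /etc/hosts could have answered, and reports queries that never got a reply (the stall the post describes when DNS is down). The sample capture is constructed from the post's lines plus one unanswered query for 192.168.6.2; the regexes assume that old-style tcpdump output.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample in the old tcpdump text format quoted in the post:
# the last line is an invented PTR query that never receives a reply.
SAMPLE = """\
15:47:34.167278 host1.32842 > DNS.53: 60333+ PTR? 1.0.0.127.in-addr.arpa. (40) (DF)
15:47:34.172693 DNS.53 > host1.32842: 60333* 1/1/1 PTR[|domain] (DF)
15:47:34.173476 host1.32842 > DNS.53: 60334+ A? localhost. (27) (DF)
15:47:34.178373 DNS.53 > host1.32842: 60334 1/1/1 A 127.0.0.1 (73) (DF)
15:48:10.500000 host1.32843 > DNS.53: 60335+ PTR? 2.6.168.192.in-addr.arpa. (42) (DF)
"""

# "<ts> src > dst: <id>+ PTR? <reversed-octets>.in-addr.arpa."
QUERY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) \S+ > \S+: (?P<id>\d+)\+ PTR\? "
    r"(?P<name>[\d.]+)\.in-addr\.arpa\."
)
# "<ts> src > dst: <id>[*] a/n/ad ..." is a reply; '*' marks an authoritative answer
REPLY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) \S+ > \S+: (?P<id>\d+)\*? \d+/\d+/\d+"
)


def _ts(text: str) -> datetime:
    return datetime.strptime(text, "%H:%M:%S.%f")


def ptr_target(label: str) -> ipaddress.IPv4Address:
    """'1.0.0.127' (from 1.0.0.127.in-addr.arpa) -> 127.0.0.1."""
    return ipaddress.IPv4Address(".".join(reversed(label.split("."))))


def audit_ptr_queries(capture: str) -> list:
    """One record per PTR query: target IP, whether it is loopback/RFC 1918
    (a name /etc/hosts could have supplied), and the resolver delay in
    seconds, or None when no reply with the same query id was seen."""
    queries, replies = {}, {}
    for line in capture.splitlines():
        if m := QUERY_RE.match(line):
            queries[m["id"]] = (_ts(m["ts"]), ptr_target(m["name"]))
        elif m := REPLY_RE.match(line):
            replies.setdefault(m["id"], _ts(m["ts"]))  # keep the first reply
    records = []
    for qid, (sent, ip) in queries.items():
        got = replies.get(qid)
        records.append({
            "id": qid, "ip": str(ip),
            "local": ip.is_loopback or ip.is_private,
            "answered": got is not None,
            "delay_s": (got - sent).total_seconds() if got else None,
        })
    return records
```

Run it over `tcpdump -n port 53` output saved to a file; every record with `local` set is a reverse lookup the resolver library sent out for an address the hosts file already names, and `answered: False` marks the stalls.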