
Re: (long) tcpd compilation options and forced reverse lookup



James Bromberger <james@rcpt.to> writes:

> relatively weak security. Any name -> address mappings can be done
> exclusively in /etc/hosts; resolving then becomes much quicker: either
> it's locally known, or not. No need to wait for DNS to trip around the
> planet asking questions...

  That's the very problem: even with hosts in /etc/hosts, the resolver still seems to do DNS queries for reverse-lookups! It's the case for every program that does "gethostbyname", really.

/etc/host.conf:

order hosts,bind
multi on

/etc/nsswitch.conf:

passwd:         compat
group:          compat
shadow:         compat

hosts:          files  dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis


   -> Still, reverse lookups for every host in /etc/hosts! If someone has a solution...

Ed


