Re: (long) tcpd compilation options and forced reverse lookup
James Bromberger <james@rcpt.to> writes:
> relatively weak security. Any name -> address mappings can be done
> exclusively in /etc/hosts; resolving then becomes much quicker: either
> it's locally known, or not. No need to wait for DNS to trip around the
> planet asking questions...
That's the very problem: even with hosts in /etc/hosts, the resolver still seems to do DNS queries for reverse-lookups! It's the case for every program that does "gethostbyname", really.
/etc/host.conf:
order hosts,bind
multi on
/etc/nsswitch.conf:
passwd: compat
group: compat
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-> Still, reverse lookups for every host in /etc/hosts! If someone has a solution...
Ed
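
Added example, not part of the original message: a small model of which sources the `hosts:` line in nsswitch.conf asks the resolver to consult for a reverse lookup, so that the expected order can be compared with the queries actually seen on the wire. The function names and the hosts-file entries are constructed for illustration; the model assumes the default NSS behaviour (stop at the first source that answers) and looks only at nsswitch.conf, not at /etc/host.conf.

```python
import ipaddress
import re

# The hosts: line is the one quoted in the message; HOSTS is constructed sample data.
NSSWITCH = "passwd: compat\nhosts: files dns\nnetworks: files\n"
HOSTS = """\
127.0.0.1    localhost
192.0.2.10   gw.example.test gw    # constructed entry
2001:db8::5  v6.example.test       # constructed entry
"""

def hosts_sources(nsswitch_text):
    """Ordered (source, stops_on_notfound) pairs from the 'hosts:' line."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("hosts:"):
            continue
        pairs = []
        # A source may be followed by an action item such as [NOTFOUND=return].
        for src, action in re.findall(r"([A-Za-z0-9_]+)\s*(\[[^\]]*\])?", line[6:]):
            act = action.lower()
            pairs.append((src, "notfound=return" in act and "!notfound" not in act))
        return pairs
    return []

def hosts_addresses(hosts_text):
    """Set of addresses that have at least one name in the hosts file."""
    addrs = set()
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            try:
                addrs.add(ipaddress.ip_address(fields[0]))
            except ValueError:
                pass  # malformed address field: the line cannot match a lookup
    return addrs

def reverse_lookup_path(addr, nsswitch_text, hosts_text):
    """Sources that may be consulted, in order, for a reverse lookup of addr."""
    ip = ipaddress.ip_address(addr)
    known = hosts_addresses(hosts_text)
    consulted = []
    for src, stops_on_notfound in hosts_sources(nsswitch_text):
        consulted.append(src)
        if src == "files" and (ip in known or stops_on_notfound):
            break  # answered from the hosts file, or NOTFOUND=return ends the search
        # For any other source the outcome is unknown offline, so keep walking.
    return consulted

if __name__ == "__main__":
    for a in ("192.0.2.10", "198.51.100.7"):
        print(a, "->", reverse_lookup_path(a, NSSWITCH, HOSTS))
```

If a packet capture shows DNS PTR queries for an address where this model returns only `files`, the query is coming from somewhere other than the NSS order (for example an application that calls the DNS resolver directly).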