
Re: (long) tcpd compilation options and forced reverse lookup



Sorry about the previous empty response... Typed the wrong key, keyboard shortcuts can be as dangerous as mouse clicks...

  To get back to the problem:

  * Putting "search ." in /etc/resolv.conf solves the problem of telnet/ftp/etc doing DNS lookups even for hosts present in the /etc/hosts file.

  * It does not solve the other part of the problem, which is that daemons using tcp wrappers/tcpd trigger reverse lookups for every host connection, not only for unknown hosts. In short, tcp wrappers are compiled to be paranoid for every host, known or not! This is a -default- compilation option of tcp wrappers (-DPARANOID) which in my opinion should not be enabled: forcing lookups at every connection should be a decision left to the administrator. An administrator can always put "ALL:PARANOID" in /etc/hosts.deny.

  Is the package maintainer of tcpd listening on this list? What's his opinion? I'll try to get and compile the source package of tcpd without this -DPARANOID option and see if it improves things...

Regards,

Edouard
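
An added illustration (not part of the message above and not tcp wrappers source code): a simplified Python model of the name/address double check that PARANOID refers to, comparing a -DPARANOID build with a build where the check only runs because hosts.deny contains "ALL: PARANOID". The DNS tables, addresses, class and function names are constructed for the example, and only the PARANOID handling is modelled.

```python
# Constructed DNS data using documentation addresses; not from the original post.
PTR = {"192.0.2.10": "alpha.example.org",   # consistent host
       "192.0.2.66": "alpha.example.org"}   # PTR claims a name it does not own
A = {"alpha.example.org": {"192.0.2.10"}}


class Resolver:
    """Stand-in for the system resolver that counts the queries it serves."""
    def __init__(self):
        self.queries = 0

    def reverse(self, addr):
        self.queries += 1
        return PTR.get(addr)

    def forward(self, name):
        self.queries += 1
        return A.get(name, set())


def double_check(addr, resolver):
    """Address -> name -> addresses; 'paranoid' means the two disagree."""
    name = resolver.reverse(addr)
    if name is None:
        return "unknown"
    return "ok" if addr in resolver.forward(name) else "paranoid"


def accept(addr, resolver, built_paranoid, deny_paranoid_rule):
    """Simplified decision (assumption: no other access rules exist).

    built_paranoid     -- wrapper compiled with -DPARANOID
    deny_paranoid_rule -- hosts.deny contains "ALL: PARANOID"
    """
    if built_paranoid or deny_paranoid_rule:
        return double_check(addr, resolver) != "paranoid"
    return True  # nothing needs a host name, so no lookup is made


def run(built_paranoid, deny_paranoid_rule):
    """Three constructed connections; returns (verdicts, DNS queries made)."""
    r = Resolver()
    verdicts = [accept(a, r, built_paranoid, deny_paranoid_rule)
                for a in ("192.0.2.10", "192.0.2.66", "192.0.2.99")]
    return verdicts, r.queries
```

In this model the compiled-in option and the hosts.deny rule reject the same mismatched host at the same lookup cost; the difference is that only the rule can be removed by the administrator without rebuilding.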


