
Re: Reverse DNS lookup at telnet



"Scott D. Killen" <wizard@skillsoft.com> writes:

> I run a server with Debian 1.3.1 installed.  This machine is set up as an 
> internet gateway to a 3 bit subnet.  Diald is installed for automatic 
> dialup internet connections.  My machine runs a caching name server that 
> the machines on the subnet use as a nameserver.  The problem is that when I 
> telnet from a machine on the subnet, the server does a reverse lookup of 
> the connecting machine's IP address, but it can't answer its own request 
> so the Internet link goes up.  This makes telnet connections very slow... 
> especially if the dialup connection doesn't work.
> 
> How can I solve this problem?  I want to either stop doing reverse lookups 
> when answering telnet requests, or, ideally, I want to set up bind so it 
> can answer reverse lookups for addresses on my subnet....

Well, the reverse DNS lookups are probably being caused by the line:

    ALL: PARANOID

in your /etc/hosts.deny.

You can disable reverse DNS lookups for all incoming telnet connections
by putting this as the first uncommented line in /etc/hosts.allow:

    in.telnetd: ALL

You can also be more selective, and cause the reverse lookups only to
happen for certain hosts:

    in.telnetd: 137.22.

Then DNS lookups are not done for hosts whose IP addresses begin with
137.22.  You can also use network/netmask notation:

    in.telnetd: 137.22.96.0/255.255.224.0

Then all hosts on that network would not have reverse DNS lookups
done.  (That particular network happens to be the network of students'
personal machines at my undergraduate school.)

The reason that reverse DNS lookups are being done at all is that the
tcp wrappers are trying to find out if access is allowed, and will
collect what information they need to determine this - the ALL:
PARANOID rule in /etc/hosts.deny denies access to machines without a
resolvable DNS address, so if the wrappers get that far in determining 
whether or not to grant access, a reverse DNS query will be
generated.  The suggested lines in /etc/hosts.allow let the tcp
wrappers decide to give a host telnet access before getting to that
rule, so a reverse DNS query is never necessary.

More information in hosts_access(5).
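The following is an added example, not part of the reply above or of the tcp wrappers package. It is a small Python model of how the wrappers walk /etc/hosts.allow and then /etc/hosts.deny, counting the reverse DNS lookups that the real code would have to issue, so the point about rule order can be checked concretely. Only the pattern forms used in the reply are modelled (ALL, PARANOID, a trailing-dot address prefix, net/mask notation and plain host or domain names); the sample file contents and the offline resolver are constructed for the demo, and treating an unresolvable client as PARANOID is the simulation's assumption, taken from the reply's description rather than from the tcpd source.

```python
# Added example (not from the original thread): a model of the
# hosts_access(5) evaluation order, written to show why an early
# hosts.allow match means no reverse DNS lookup is ever issued.
# EXCEPT lists, shell commands and other hosts_access(5) features are
# deliberately left out.
import ipaddress

# Constructed sample files mirroring the lines quoted in the reply.
HOSTS_DENY = "ALL: PARANOID\n"
HOSTS_ALLOW_EMPTY = "# nothing here yet\n"
HOSTS_ALLOW_NETMASK = "in.telnetd: 137.22.96.0/255.255.224.0\n"
HOSTS_ALLOW_PREFIX = "in.telnetd: 137.22.\n"


def offline_resolve(addr):
    """Stand-in for the reverse lookup: the dialup link is down, so no
    name ever comes back.  (Demo assumption, not real DNS code.)"""
    return None


def parse_rules(text):
    """Return [(daemon_list, client_list), ...], skipping comments and
    blank lines.  Only the two-field 'daemons : clients' form is handled."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append(([d.strip() for d in daemons.split(",")],
                      [c.strip() for c in clients.split(",")]))
    return rules


def client_matches(pattern, addr, resolve, lookups):
    """Match one client pattern against an IPv4 address string.
    `lookups` is a one-item list counting the reverse DNS queries the
    real wrappers would need in order to evaluate this pattern."""
    if pattern == "ALL":
        return True
    if pattern == "PARANOID":
        # PARANOID needs the client's name, so a lookup is unavoidable.
        # Assumption (following the reply): a client whose name cannot
        # be obtained is treated as PARANOID.
        lookups[0] += 1
        return resolve(addr) is None
    if "/" in pattern:
        net, mask = pattern.split("/", 1)
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        return ipaddress.ip_address(addr) in network
    if pattern.endswith("."):
        # "137.22." matches addresses whose dotted form starts with it;
        # the trailing dot keeps it from matching 137.220.x.x as well.
        return addr.startswith(pattern)
    # A host name or ".domain" pattern also needs the client's name.
    lookups[0] += 1
    name = resolve(addr)
    if name is None:
        return False
    return name == pattern or (pattern.startswith(".") and name.endswith(pattern))


def hosts_access(daemon, addr, allow_text, deny_text, resolve=offline_resolve):
    """Return (granted, lookups) in hosts_access(5) order: the first match
    in hosts.allow grants, then the first match in hosts.deny denies,
    otherwise access is granted.  Evaluation stops at the first match,
    which is why a lookup-free rule placed first never touches DNS."""
    lookups = [0]
    for rules, verdict in ((parse_rules(allow_text), True),
                           (parse_rules(deny_text), False)):
        for daemons, clients in rules:
            if not any(d in ("ALL", daemon) for d in daemons):
                continue
            if any(client_matches(c, addr, resolve, lookups) for c in clients):
                return verdict, lookups[0]
    return True, lookups[0]


if __name__ == "__main__":
    for label, allow in (("no hosts.allow entry", HOSTS_ALLOW_EMPTY),
                         ("net/mask entry", HOSTS_ALLOW_NETMASK),
                         ("prefix entry", HOSTS_ALLOW_PREFIX)):
        granted, n = hosts_access("in.telnetd", "137.22.96.5", allow, HOSTS_DENY)
        print(f"{label:22s} granted={granted!s:5s} reverse lookups={n}")
```

Running it with the constructed files shows the connection from 137.22.96.5 being denied after one lookup when hosts.allow is empty, and granted with zero lookups once either the net/mask or the prefix line is present. The daemon name matters as well: the same hosts.allow line does nothing for in.ftpd, so that service still falls through to ALL: PARANOID and its lookup.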

