
reverse dns lookup problem on ssh debian vs redhat



Hi! I recently switched to debian Sarge (and sid) for all of my work (YAY I 
LOVE IT!).  

Now, until now, I had been using redhat 7.3 for my servers. I have many redhat 
7.3 servers, and now, I have installed 2 debian sarge servers (I know it is 
not yet released, but I have tested it for months and am perfectly happy).

Now I notice a problem with reverse DNS that I did not have with Redhat 7.3. I 
am curious to understand the differences. Although it is installed, I never 
properly configured bind9 on these machines. Similarly the redhat 7.3 
machines didn't even have bind installed at all.

I have /etc/resolv.conf set up with the 2 nameservers provided by my ISP. If 
my local (192.168.99.X) network is connected to the internet, and can access 
the nameservers provided by my ISP, (151.202.0.84 say), then if I try to ssh 
into one of my Debian Sarge machines, I get an immediate response when I "ssh 
192.168.99.76" into one of my machines on my private network. 

However, if my private network is disconnected from the main internet and thus 
my Debian machines are not connected to the internet, and can't contact my 
ISP's nameservers, then I get a 20 second delay while we timeout (that is 2 
nameservers, 2 attempts per nameserver and 5 second timeout). I can easily 
short-circuit this timeout by putting a line 
"options timeout:0 attempts:0" into the /etc/resolv.conf file. 
I can similarly short-circuit this timeout by actually putting the IP address 
that I am ssh'ing from into /etc/hosts so that no reverse DNS takes place.

I realize that I should actually set up the machine itself to provide DNS 
service itself, and not rely upon the nameservers provided by my ISP (say by 
configuring bind9 and the correct local domain reverse DNS lookup service or 
else installing djbdns).

However, I am puzzled. As I have been using redhat 7.3 for servers on a 
private network for many years, without using bind (8 or 9), and I have just 
been doing ssh 192.168.99.75 and getting immediate access even though there 
was no nameserver at all listed in /etc/resolv.conf on the redhat machines. 
I.e. on the redhat machines /etc/resolv.conf simply consisted of the single 
line 
"search localhost".

If I change the /etc/resolv.conf on the debian box to the same "search 
localhost" line, I get a 10 second timeout (not 20 second where there are two 
not reachable nameservers).

Any idea what is the difference in the setup here? What did they do in 
redhat to disable or short-circuit the reverse DNS lookup? It doesn't look 
like redhat set up a caching reverse DNS server, because bind isn't installed 
on my redhat 7.3 machines.
This is important for other network services besides ssh.
Thanks a million!
Mitchell
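As an added worked example (not part of Mitchell's message), the arithmetic behind the 20-, 10- and 0-second delays described above, written as a shell function that reads the text of a resolv.conf on stdin and applies the resolver client defaults documented in resolv.conf(5): timeout 5 s, attempts 2, a fallback to the local machine when no nameserver line is present, and the silent caps of 30 s and 5 attempts. The second nameserver address in the usage lines is a constructed documentation-range value, not one from the post.

```shell
#!/bin/sh
# Worst-case seconds a resolver client can spend waiting on unreachable
# nameservers before a reverse lookup gives up, computed from resolv.conf
# text on stdin.  Prints a single integer.
#
# Model (resolv.conf(5) defaults, as assumed here):
#   delay = nameservers * attempts * timeout
#   timeout defaults to 5, attempts to 2; glibc caps them at 30 and 5.
#   With no nameserver line the resolver falls back to the local machine
#   (127.0.0.1), which still counts as one server to wait on.
resolv_worst_delay() {
    awk '
        BEGIN { timeout = 5; attempts = 2; ns = 0 }
        $1 == "nameserver" { ns++ }
        $1 == "options" {
            # options may carry several key:value words on one line
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                if (kv[1] == "timeout")  timeout  = kv[2] + 0
                if (kv[1] == "attempts") attempts = kv[2] + 0
            }
        }
        END {
            if (ns == 0)       ns = 1        # implicit 127.0.0.1
            if (timeout > 30)  timeout = 30  # silently capped by glibc
            if (attempts > 5)  attempts = 5
            print ns * attempts * timeout
        }'
}

# The three configurations from the post, in order:
# two ISP nameservers (192.0.2.53 is a constructed stand-in for the second)
printf 'nameserver 151.202.0.84\nnameserver 192.0.2.53\n' | resolv_worst_delay
# the same two nameservers with the short-circuit options line
printf 'nameserver 151.202.0.84\nnameserver 192.0.2.53\noptions timeout:0 attempts:0\n' | resolv_worst_delay
# the Red Hat style file: no nameserver line at all
printf 'search localhost\n' | resolv_worst_delay
```

The three calls print 20, 0 and 10, matching the delays reported in the message; the 10 s case is the implicit local nameserver being tried twice with the default 5 s timeout.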


