Turning off reverse lookup?

Post by dkhosl » Tue, 30 Dec 1997 04:00:00



Hi,
My proxy server is also a firewall between internal network and the DMZ
network. I had an earlier problem where clients were taking a long time to
connect. Turns out I was not resolving the internal names and the server
daemon was taking a long time to resolve the IP address to a name. It
eventually failed and allowed me to connect anyway.
I would prefer that it did not do this reverse lookup. Is there any way to
configure that? I am testing the TIS proxy toolkit on Red Hat Linux 2.0.30.
Our internal host tables are kept in NIS and I would prefer not running NIS
on this box.

Also, when I connect through the proxy server to a web server using the IP
address, I have no problems yet if I use the name, it responds with a
hostname unknown. I can however ping that machine by name (it is in the
hosts file). Any ideas what may be misconfigured?
Thanks in advance for any help.

 
 
 

Post by Paul Blac » Tue, 30 Dec 1997 04:00:00



> Hi,
> My proxy server is also a firewall between internal network and the DMZ
> network. I had an earlier problem where clients were taking a long time to
> connect. Turns out I was not resolving the internal names and the server
> daemon was taking a long time to resolve the IP address to a name. It
> eventually failed and allowed me to connect anyway.
> I would prefer that it did not do this reverse lookup. Is there any way to
> configure that? I am testing the TIS proxy toolkit on Red Hat Linux 2.0.30.
> Our internal host tables are kept in NIS and I would prefer not running NIS
> on this box.

> Also, when I connect through the proxy server to a web server using the IP
> address, I have no problems yet if I use the name, it responds with a
> hostname unknown. I can however ping that machine by name (it is in the
> hosts file). Any ideas what may be misconfigured?
> Thanks in advance for any help.

It does all sound as if you have some serious DNS problems. Do you have DNS
running? Reverse lookups don't appear to work correctly, is it configured?
With a firewall, I presume that you have a DNS on the firewall machine. Is
it authoritative for your internal domain and is it configured to do lookups
for external domains?

Paul

 
 
 

Post by Deepak Khosl » Tue, 30 Dec 1997 04:00:00





> It does all sound as if you have some serious DNS problems. Do you have DNS
> running? Reverse lookups don't appear to work correctly, is it configured?
> With a firewall, I presume that you have a DNS on the firewall machine. Is
> it authoritative for your internal domain and is it configured to do lookups
> for external domains?

> Paul

Actually, that was the reason I was asking the question. I am testing with
no DNS but even if it were running, it does not contain my internal
addresses (nor do I want it to). I would like it to quit trying to do a
reverse lookup (at least for the internal users)...:-(.

On the second point, if ping works, why wouldn't the proxy resolve that
name (I wonder if it has something to do with the libc being compiled
statically for TIS although supposedly they are the same versions of the
library???)

 
 
 

Post by Paul Blac » Wed, 31 Dec 1997 04:00:00



> Actually, that was the reason I was asking the question. I am testing with
> no DNS but even if it were running, it does not contain my internal
> addresses (nor do I want it to). I would like it to quit trying to do a
> reverse lookup (at least for the internal users)...:-(.

I don't think you can stop the software attempting a reverse lookup
(unless you rewrite it) but you should be able to configure DNS so that
it happens very quickly.

> On the second point, if ping works, why wouldn't the proxy resolve that
> name (I wonder if it has something to do with the libc being compiled
> statically for TIS although supposedly they are the same versions of the
> library???)

Is it that ping is resolving the hostname on the localhost (through your
host file) but that the proxy server has no means of looking this
information up? Shouldn't both be using DNS for the remote network?

Paul

 
 
 

Post by dkhosl » Thu, 01 Jan 1998 04:00:00


> I don't think you can stop the software attempting a reverse lookup
> (unless you rewrite it) but you should be able to configure DNS so that
> it happens very quickly.

I see your point. This is wu_ftpd for example and I would understand if it
would deny access if it cannot resolve the name from the IP address and at
that point reject but it apparently accepts after a long delay (still
unresolved). Also, I took DNS out of the picture completely (no
resolv.conf) and it still behaved that way (although it is possible the
daemon had read the config in memory so maybe I should have run the test
after a restart). Anyway, as I said, the internal site is on NIS and I
don't want to have NIS running on this box - and really don't want to
maintain a hosts file. I was just curious if there was a way to do this
(other than a rewrite)..

> Is it that ping is resolving the hostname on the localhost (through your
> host file) but that the proxy server has no means of looking this
> information up? Shouldn't both be using DNS for the remote network?

That's what it appears to be. My thought was that both would be using the
same resolver functions and thus the same path!

Hopefully tomorrow I'll hook up to a real network and see what happens.
Thanks for your input.
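
Added example, not part of any post in this thread: a small Python check that puts a deadline on the reverse lookup and separates the three outcomes discussed above (name found, a quick "no such name" answer, and the silent stall that delays the connection). The resolver stand-in, addresses and host names are constructed so it runs offline; pass `socket.gethostbyaddr` (the default) to test a real host.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout

# Shared worker pool: a lookup that overruns its deadline finishes in the
# background instead of holding up the caller.
_POOL = ThreadPoolExecutor(max_workers=8)

def reverse_lookup(ip, deadline=2.0, resolver=socket.gethostbyaddr):
    """Resolve ip to a name, giving up after `deadline` seconds.

    Returns (name_or_None, status, elapsed); status is "resolved",
    "no-record" (resolver answered quickly that there is no name) or
    "timeout" (no answer in time: the case that stalls a daemon).
    """
    start = time.monotonic()
    future = _POOL.submit(resolver, ip)
    try:
        name, status = future.result(timeout=deadline)[0], "resolved"
    except FutureTimeout:
        name, status = None, "timeout"
    except OSError:  # socket.herror / socket.gaierror are OSError subclasses
        name, status = None, "no-record"
    return name, status, time.monotonic() - start

def audit(ips, deadline=2.0, resolver=socket.gethostbyaddr):
    """Map each client address to its lookup status, flagging the stalls."""
    return {ip: reverse_lookup(ip, deadline, resolver)[1] for ip in ips}

# Constructed stand-in for the system resolver so the example runs offline.
# Addresses and names are made up for illustration.
def fake_resolver(ip):
    if ip == "192.168.1.10":            # has a reverse entry
        return ("ws10.internal.example", [], [ip])
    if ip == "192.168.1.20":            # server answers at once: no such name
        raise socket.herror(1, "Unknown host")
    time.sleep(0.5)                     # no server reachable: query hangs
    raise socket.herror(2, "Host name lookup failure")

if __name__ == "__main__":
    for ip, status in audit(["192.168.1.10", "192.168.1.20", "192.168.1.30"],
                            deadline=0.1, resolver=fake_resolver).items():
        print(f"{ip:15} {status}")
```

A "timeout" result for an internal client address is the condition that produces the long connect delay; "no-record" returns immediately and does not.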

 
 
 

1. how to turn off reverse lookups?

Hello!

I have been searching the faq's, howto's, and various websites and usenet
groups trying to find a way to prevent my web servers from performing reverse
lookups. Here's the scenario:

I have servers running linux 1.2.13 and apache as the http daemon. We have
some clients hosting web sites with us, and for whatever reason (false sense
of security), the system where they get net access has it setup so their
network's hosts are obscured to the outside. Therefore, when they access their
web site on our servers, it sits waiting to display the page for 2 minutes
before the web servers' reverse lookup times out and displays the page. I
don't have the web daemons compiled to require reverse lookups, so I presume
that it's something that can be configured elsewhere.

Please let me know so I can fix this problem!

Thanks!

sean

______________________________________________________________
#include "sig.h"
int main(){
        if (feelingWitty) wittySig();
        else standardSig();
        return 0;}
/*                              Sean


*/
