Question about DNS and Telnet interaction

Post by Bill » Wed, 13 Aug 2003 01:56:08



scenario:
Both Host A and B are configured to use DNS files, then host files
Host A telnets to Host B using the command:

telnet hostB

Now, when Host B hears the "knock at the door" on port 23, it reads
the header information and gets the IP address of the sending host
(among other things).

Question: In the Solaris 2.6 (or above) environment, with BSM on, does
Host B then do anything like a forward/reverse lookup on the IP
address before responding ?

TIA

Bill W

Post by Lars Tunkran » Wed, 13 Aug 2003 02:36:43



> scenario:
> Both Host A and B are configured to use DNS files, then host files
> Host A telnets to Host B using the command:

> telnet hostB

> Now, when Host B hears the "knock at the door" on port 23, it reads
> the header information and gets the IP address of the sending host
> (among other things).

> Question: In the Solaris 2.6 (or above) environment, with BSM on, does
> Host B then do anything like a forward/reverse lookup on the IP
> address before responding ?

> TIA

> Bill W

If you install (or activate in Solaris 9, as it's in the base)
TCPWrappers and use the PARANOID compile option and
change /etc/init/inetd.conf to use the "tcpd" glue app,
it will do a DNS lookup of the incoming call.

Otherwise I sort of doubt it. In many situations you don't
want to put this extra DNS traffic on the net nor the DNS
server.

//Lars

--
========================================================
Lars Tunkrans
smtp: lars dot tunkrans at bredband dot net
--------------------------------------------------------

Post by Barry Margoli » Wed, 13 Aug 2003 02:40:31





>> scenario:
>> Both Host A and B are configured to use DNS files, then host files
>> Host A telnets to Host B using the command:

>> telnet hostB

>> Now, when Host B hears the "knock at the door" on port 23, it reads
>> the header information and gets the IP address of the sending host
>> (among other things).

>> Question: In the Solaris 2.6 (or above) environment, with BSM on, does
>> Host B then do anything like a forward/reverse lookup on the IP
>> address before responding ?

>> TIA

>> Bill W

>If you install (or activate in Solaris 9, as it's in the base)
>TCPWrappers and use the PARANOID compile option and
>change /etc/init/inetd.conf to use the "tcpd" glue app,
>it will do a DNS lookup of the incoming call.

>Otherwise I sort of doubt it. In many situations you don't
>want to put this extra DNS traffic on the net nor the DNS
>server.

Telnetd always does a reverse DNS lookup.  How do you think the hostname
shows up in "who" output?

A frequent problem that many sites have when they don't set up reverse DNS
properly is that telnet connections stall for a long time before displaying
the "login:" prompt.  This delay is due to waiting for a timeout while
trying to perform this reverse resolution.

--

Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

Post by Kevi » Wed, 13 Aug 2003 14:30:58



> scenario:
> Both Host A and B are configured to use DNS files, then host files
> Host A telnets to Host B using the command:

> telnet hostB

> Now, when Host B hears the "knock at the door" on port 23, it reads
> the header information and gets the IP address of the sending host
> (among other things).

> Question: In the Solaris 2.6 (or above) environment, with BSM on, does
> Host B then do anything like a forward/reverse lookup on the IP
> address before responding ?

Yes. It does that to obtain host information from the rDNS... If rDNS is
not configured or there is a problem with access to the name server, you
will get a long delay before seeing a login. A common way to know that DNS
is not working or set up properly.

If it is going to be on the Internet, I'd look at SSH instead though. It's
common to not allow any telnet access even within a network in many
places...
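
The reverse-then-forward lookup this thread discusses, as an added example (not code from any poster and not the telnetd or tcpd source): it looks up the name for a client address, resolves that name back, and reports whether the two agree and how long the lookups took. The function names and the `PTR`/`A` tables are hypothetical and constructed for illustration.

```python
import socket
import time

def reverse_lookup(ip):
    """PTR lookup via the system resolver; returns the primary name or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror / socket.gaierror are OSError subclasses
        return None

def forward_lookup(name):
    """A-record lookup via the system resolver; returns a list of IPv4 addresses."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_peer(ip, reverse=reverse_lookup, forward=forward_lookup):
    """Forward-confirmed reverse lookup for one client address.

    Returns (verdict, hostname, seconds). Verdicts:
      "match"    - the PTR name resolves back to the same address
      "mismatch" - a PTR name exists but does not map back to the address
      "no-ptr"   - no reverse record, so only the raw address can be logged
    A large 'seconds' value is the resolver timeout that delays "login:".
    """
    start = time.monotonic()
    name = reverse(ip)
    if name is None:
        verdict = "no-ptr"
    elif ip in forward(name):
        verdict = "match"
    else:
        verdict = "mismatch"
    return verdict, name, time.monotonic() - start

# Constructed sample records (documentation address range) standing in for DNS.
PTR = {"192.0.2.10": "hosta.example.com", "192.0.2.66": "hostb.example.com"}
A = {"hosta.example.com": ["192.0.2.10"], "hostb.example.com": ["192.0.2.20"]}

def demo():
    """Run the check over the constructed records without touching the network."""
    return {ip: check_peer(ip, PTR.get, lambda n: A.get(n, []))[0]
            for ip in ("192.0.2.10", "192.0.2.66", "192.0.2.99")}

if __name__ == "__main__":
    for ip, verdict in demo().items():
        print(ip, verdict)
```

Calling `check_peer("<client address>")` with the default resolvers on the server side shows both the verdict and the lookup time for a real client.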