> On Friday 14 June 2002 8:15 am, David Luyer wrote: > > > [ ident lookups causing tcpd to be slow ] > > > > > There's no satisfactory answer to this problem at > > > present, I think. > > > > So it's a compile option on tcpd. Recompile with it disabled. > > Yes, but that would need to be done by everyone out on the > Internet whose systems my clients try to contact, otherwise > we're still going to get those long delays (or a hole in my > firewall). > > Not what I consider a "satisfactory solution" :-)
Ah. I missed the start of the discussion. You're blocking ident lookups on your customers, and it's causing them to have problems accessing some sites and services? Easy solution: deny (connection reset) rather than drop the connections Hard solution: transproxy ident and return a cryptographic hash representing the actual client online on the IP which the ident request is for (this is a much cooler solution but I only know one ISP to have done it) David.
