Re: Reverse DNS lookup at telnet
Scott D. Killen [EMAIL PROTECTED] writes:

> I run a server with Debian 1.3.1 installed. This machine is set up as
> an internet gateway to a 3 bit subnet. Diald is installed for automatic
> dialup internet connections. My machine runs a caching name server that
> the machines on the subnet use as a nameserver. The problem is that when
> I telnet from a machine on the subnet, the server does a reverse lookup
> of the connecting machine's IP address, but it can't answer its own
> request so the Internet link goes up. This makes telnet connections very
> slow... especially if the dialup connection doesn't work. How can I
> solve this problem? I want to either stop doing reverse lookups when
> answering telnet requests, or, ideally, I want to set up bind so it can
> answer reverse lookups for addresses on my subnet.

Well, the reverse DNS lookups are probably being caused by the line:

    ALL: PARANOID

in your /etc/hosts.deny. You can disable reverse DNS lookups for all incoming telnet connections by putting this as the first uncommented line in /etc/hosts.allow:

    in.telnetd: ALL

You can also be more selective, and cause the reverse lookups only to happen for certain hosts:

    in.telnetd: 137.22.

Then DNS lookups are not done for hosts whose IP addresses begin with 137.22.

You can also use network/netmask notation:

    in.telnetd: 137.22.96.0/255.255.224.0

Then all hosts on that network would not have reverse DNS lookups done. (That particular network happens to be the network of students' personal machines at my undergraduate school.)

The reason that reverse DNS lookups are being done at all is that the tcp wrappers are trying to find out if access is allowed, and will collect what information they need to determine this - the ALL: PARANOID rule in /etc/hosts.deny denies access to machines without a resolvable DNS address, so if the wrappers get that far in determining whether or not to grant access, a reverse DNS query will be generated.

The suggested lines in /etc/hosts.allow let the tcp wrappers decide to give a host telnet access before getting to that rule, so a reverse DNS query is never necessary. More information in hosts_access(5).

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe.
Trouble? Contact [EMAIL PROTECTED]
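Added example (not part of the original post, and not the tcp wrappers' own code): a simplified Python model of the rule order described in the reply above, showing when a rule forces the name check. The function names, the 192.168.1.2 client and the resolver stub are constructed for illustration; only the rule lines come from the message.

```python
import ipaddress

def host_matches(pattern, addr, name_ok):
    """Match one client pattern. name_ok(addr) stands in for the reverse
    lookup plus name/address check and is called only when a rule needs it."""
    if pattern == "ALL":
        return True
    if pattern == "PARANOID":        # host whose name does not match its address
        return not name_ok(addr)
    if pattern.endswith("."):        # address prefix such as "137.22."
        return addr.startswith(pattern)
    if "/" in pattern:               # net/mask such as 137.22.96.0/255.255.224.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    return pattern == addr

def check(daemon, addr, allow, deny, name_ok):
    """hosts.allow is searched first, then hosts.deny; the first matching
    rule decides, and a client that matches nothing is granted access."""
    for verdict, rules in (("granted", allow), ("denied", deny)):
        for rule in rules:
            daemons, clients = (part.split() for part in rule.split(":", 1))
            if daemon not in daemons and "ALL" not in daemons:
                continue
            if any(host_matches(p, addr, name_ok) for p in clients):
                return verdict
    return "granted"

def demo(allow, addr):
    """Return (verdict, reverse lookups triggered) for one telnet connection."""
    lookups = []
    def name_ok(a):                  # constructed resolver: records the query and
        lookups.append(a)            # reports that name and address do not match
        return False
    verdict = check("in.telnetd", addr, allow, ["ALL: PARANOID"], name_ok)
    return verdict, len(lookups)

if __name__ == "__main__":
    for allow in ([], ["in.telnetd: ALL"], ["in.telnetd: 137.22."]):
        print(allow, demo(allow, "137.22.5.9"), demo(allow, "192.168.1.2"))
```

In this model `in.telnetd: ALL` grants telnet to every address before the PARANOID rule is ever consulted, while the prefix and net/mask forms skip the check only for the named network.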
/etc/hosts and using make for system admin tasks (was Re: Reverse DNS lookup at telnet)
On Sun, 12 Apr 1998, Scott D. Killen wrote:

> I run a server with Debian 1.3.1 installed. This machine is set up as
> an internet gateway to a 3 bit subnet. Diald is installed for automatic
> dialup internet connections. My machine runs a caching name server that
> the machines on the subnet use as a nameserver. The problem is that when
> I telnet from a machine on the subnet, the server does a reverse lookup
> of the connecting machine's IP address, but it can't answer its own
> request so the Internet link goes up. This makes telnet connections very
> slow... especially if the dialup connection doesn't work. How can I
> solve this problem? I want to either stop doing reverse lookups when
> answering telnet requests, or, ideally, I want to set up bind so it can
> answer reverse lookups for addresses on my subnet.

the simplest way is to just list the machines in your 3 bit subnet in /etc/hosts, and make sure that /etc/host.conf has

    order hosts,bind

reverse-lookups for any connections from ip addresses listed in /etc/hosts are resolved immediately. resolving other names/IPs is unaffected.

remember to keep /etc/hosts up to date if any of the machines on your subnet change.

note that this only helps for connections to your gateway machine. if there are other unix boxes on your lan which do reverse lookups for each connection then you will need to copy this hosts file to them too. use scp or rdist or rsync or something to do this.

it could also be handy to have a Makefile in /etc so that you only have to type 'make' to do the copy. e.g. here's a simple /etc/Makefile which does this and a few other useful things.

make is a very useful system administration tool. you can use it to automate the production of any file(s) from any other file(s), or even, as the stamp-hosts example below shows, execute certain commands only if certain file(s) have changed since the last time it was run.

---cut here---/etc/Makefile---cut here---
#! /usr/bin/make -f

# default action
all:
	cd /etc && $(MAKE) targets

targets: stamp-hosts aliases.db virtusertable.db mailertable.db

# copy hosts to the other machines only when it has changed
stamp-hosts: hosts
	scp hosts machine1:/etc/hosts
	scp hosts machine2:/etc/hosts
	scp hosts machine3:/etc/hosts
	touch /etc/stamp-hosts

aliases.db: aliases
	newaliases

# makemap reads the source table on standard input
virtusertable.db: virtusertable
	makemap hash virtusertable < virtusertable

mailertable.db: mailertable
	makemap hash mailertable < mailertable
---cut here---/etc/Makefile---cut here---

(btw, remember that the indented lines in the Makefile are indented with a TAB character, not spaces!)

craig

--
craig sanders
Reverse DNS lookup at telnet
I run a server with Debian 1.3.1 installed. This machine is set up as an internet gateway to a 3 bit subnet. Diald is installed for automatic dialup internet connections. My machine runs a caching name server that the machines on the subnet use as a nameserver.

The problem is that when I telnet from a machine on the subnet, the server does a reverse lookup of the connecting machine's IP address, but it can't answer its own request so the Internet link goes up. This makes telnet connections very slow... especially if the dialup connection doesn't work.

How can I solve this problem? I want to either stop doing reverse lookups when answering telnet requests, or, ideally, I want to set up bind so it can answer reverse lookups for addresses on my subnet.

Thanks in advance,
Scott D. Killen
Scott Killen Software
http://www.skillsoft.com
Re: Reverse DNS lookup at telnet
On Sun, 12 Apr 1998, Scott D. Killen wrote:

> I run a server with Debian 1.3.1 installed. This machine is set up as
> an internet gateway to a 3 bit subnet. Diald is installed for automatic
> dialup internet connections. My machine runs a caching name server that
> the machines on the subnet use as a nameserver. The problem is that when
> I telnet from a machine on the subnet, the server does a reverse lookup
> of the connecting machine's IP address, but it can't answer its own
> request so the Internet link goes up. This makes telnet connections very
> slow... especially if the dialup connection doesn't work. How can I
> solve this problem? I want to either stop doing reverse lookups when
> answering telnet requests, or, ideally, I want to set up bind so it can
> answer reverse lookups for addresses on my subnet.

What you appear to want is for your machine to be the primary DNS for reverse lookups on your ISP's subnet (reverse lookups are delegated in no finer granularity than 8bit blocks if I am not very much mistaken) when the link is down, and for it to be a secondary when the link is up. If this is indeed what you want, then use /etc/ppp/ip-up and /etc/ppp/ip-down to effect this change.

-Greg Mildenhall
RE: Reverse DNS lookup at telnet
How do I do that without losing forwarded DNS requests? When I stop and start named to adjust the tables, any current DNS request from client machines will be lost...

Another problem -- I fixed it so I was primary for the network and lookups on the host no longer cause a connection to the Internet, but telnet requests still do... I heard somewhere that this is caused by a bug in the telnet server? Can anybody confirm this? If so, where do I get an updated copy of telnet server? If not, how do I make it quit?

-----Original Message-----
From: The Thought Assassin [SMTP:[EMAIL PROTECTED]
Sent: Sunday, April 12, 1998 4:29 PM
To: debian-user@lists.debian.org
Subject: Re: Reverse DNS lookup at telnet

On Sun, 12 Apr 1998, Scott D. Killen wrote:

> I run a server with Debian 1.3.1 installed. This machine is set up as
> an internet gateway to a 3 bit subnet. Diald is installed for automatic
> dialup internet connections. My machine runs a caching name server that
> the machines on the subnet use as a nameserver. The problem is that when
> I telnet from a machine on the subnet, the server does a reverse lookup
> of the connecting machine's IP address, but it can't answer its own
> request so the Internet link goes up. This makes telnet connections very
> slow... especially if the dialup connection doesn't work. How can I
> solve this problem? I want to either stop doing reverse lookups when
> answering telnet requests, or, ideally, I want to set up bind so it can
> answer reverse lookups for addresses on my subnet.

What you appear to want is for your machine to be the primary DNS for reverse lookups on your ISP's subnet (reverse lookups are delegated in no finer granularity than 8bit blocks if I am not very much mistaken) when the link is down, and for it to be a secondary when the link is up. If this is indeed what you want, then use /etc/ppp/ip-up and /etc/ppp/ip-down to effect this change.

-Greg Mildenhall