login herald delay (was no subject)

[Bill Myers]

> We have an internal DNS on an IBM RS6000 running AIX ver 4.2.1 (syslog
reports
> our DNS server is using 4.9.3 version of bind.) Customers trying to telnet
> from foreign networks to a host inside our network are experiencing a 90
> second delay in receiving our login herald due to what I'm guessing is the
> telnet daemon's reverse IP resolution "feature" when the client's IP
cannot
> be reverse resolvable. After the timeout period expires, the telnet
session
> connects as expected. Unfortunately, our customers don't enjoy the 90
second
> delay. I am aware of workarounds such as /etc/hosts, in-addr-arpa,
> /etc/netsvc.conf but these are foreign network IP addresses I'd prefer not
> to have to hardcode. Can someone explain why the reverse lookup is even
> attempted when the connection is made regardless of the outcome?
> Is there a way to disable this "feature"?

This lookup is likely done by either the inetd or telnetd daemon.  It is
attempting to resolve the address to a name to put into syslog.

It sounds like the lookup is failing to get any response, even a response
with no records.  Thus the daemon waits until the lookup request times out.
The problem may be that your server cannot access the root servers listed in
your cache.

>
> -----------------------------------------------------------
> Dave Luiz - Network Management Unit
> State of California - Health and Welfare Data Center
> Phone: (916)-739-7703
> Fax: (916)-454-7232                  www
> mailto:dluiz at hwdc.state.ca.us       (@ @)
> -----------------------------ooO-(_)-Ooo--------------------
>
>