(no subject)
Barry Margolin
barmar at bbnplanet.com
Wed Aug 4 14:59:36 UTC 1999
In article <D1A16BB041DED211B3940008C7CFF0F21076C2 at hwexmb01.cahwnet.gov>,
Luiz, Dave at HWDC <Dluiz at HWDC.STATE.CA.US> wrote:
>Hello DNS administrators!
>I have a problem I can't seem to get a handle on and need some guidance. We
>have an internal DNS on an IBM RS6000 running AIX ver 4.2.1 (syslog reports
>our DNS server is using 4.9.3 version of bind.) Customers trying to telnet
>from foreign networks to a host inside our network are experiencing a 90
>second delay in receiving our login herald due to what I'm guessing is the
>telnet daemon's reverse IP resolution "feature" when the client's IP cannot
>be reverse resolvable. After the timeout period expires, the telnet session
>connects as expected. Unfortunately, our customers don't enjoy the 90 second
>delay. I am aware of workarounds such as /etc/hosts, in-addr-arpa,
>/etc/netsvc.conf but these are foreign network IP addresses I'd prefer not
>to have to hardcode. Can someone explain why the reverse lookup is even
>attempted when the connection is made regardless of the outcome? Is there a
>way to disable this "feature"?
The reverse lookup is attempted so that programs like "who" and "last" can
display the name of the host someone is coming from.
> who
barmar pts/1 Aug 2 14:10 (tools.sys.gtei.net)
I don't know offhand of any way to disable this other than by replacing the
telnet daemon. It's possible that the GNU telnet daemon used in Linux is
portable to AIX, so you could patch its source code to remove this feature.
But why are they singling you out to do this? These customers should be
having problems like this when they go to other places as well. Some web
sites try to do reverse lookups and they should be experiencing delays with
them. In particular, the web sites with 128-bit Netscape and IE don't
allow access if they can't look up your address (it's the first step in
their heuristics to guess if you're in the US or Canada). Their reverse
DNS is broken, why is that your problem?
--
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list