https://community.hpe.com/t5/operating-system-hp-ux/disable-dns-reverse-resolution/m-p/2827051#M581018 I am using FTP servers on HP-UX 11.11 systems.<BR />When a client connects to the FTP server, the server poerforms a PTR DNS resolution with the IP @ of the client.<BR />Is there any way to avoid that, and how??? Wed, 16 Oct 2002 13:09:29 GMT leleux 2002-10-16T13:09:29Z https://community.hpe.com/t5/operating-system-hp-ux/disable-dns-reverse-resolution/m-p/2827051#M581018 I am using FTP servers on HP-UX 11.11 systems.<BR />When a client connects to the FTP server, the server poerforms a PTR DNS resolution with the IP @ of the client.<BR />Is there any way to avoid that, and how??? Wed, 16 Oct 2002 13:09:29 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-dns-reverse-resolution/m-p/2827051#M581018 leleux 2002-10-16T13:09:29Z https://community.hpe.com/t5/operating-system-hp-ux/disable-dns-reverse-resolution/m-p/2827052#M581019 Might help if you tell us why, but since you asked:<BR /><BR />You'll have to rebuild ftpd. The source is available from <BR /><A href="http://www.wu-ftpd.org" target="_blank">www.wu-ftpd.org</A><BR /><BR />add NO_DNS to the conf.h file.<BR /><BR />/* <BR /> * NO_DNS <BR /> * Define this to skip DNS lookups. If the remote host name is needed, the <BR /> * daemon uses the IP numbers instead. 'deny !nameserved' will always be <BR /> * true (denying access) if this patch is enabled. <BR /> * <BR /> * This option is intended soley for very busy FTP sites where the added <BR /> * security of DNS lookups is overshadowed by the speed and resource penalties. <BR /> * <BR /> * Disabling DNS lookups removes all protections against spoofing, making <BR /> * remote user authentication virtually useless. This option should only be <BR /> * used on anonymous FTP servers. <BR /> * <BR /> * If you're not *absolutely sure* you need this, don't enable it. <BR /> */ <BR />#define NO_DNS <BR /><BR />In addition, man ftpaccess gives you some options for DNS:<BR /><BR /> dns refuse_mismatch <FILENAME> [override]<BR /><BR /> Refuse FTP sessions when the forward and reverse<BR /> lookups for the remote site do not match. Display<BR /> the named file (like a message file), admonishing the<BR /> user. If the optional override is specified, allow<BR /> the connection after complaining.<BR /><BR /><BR /> dns refuse_no_reverse <FILENAME> [override]<BR /><BR /> Refuse FTP sessions when there is no reverse DNS entry<BR /> for the remote site. Display the named file (like a mes??<BR /> sage file), admonishing the user. If the optional over??<BR /> ride is specified, allow the connection after complain??<BR /> ing.<BR /><BR /><BR /> dns resolveroptions [options]<BR /><BR /> The resolveroptions option allows you to tweak name<BR /> server options. The line takes a series of flags as<BR /> documented in resolver(3) (with the leading RES_<BR /> removed). Each can be preceded by an optional + or<BR /> -. For example,<BR /> dns resolveroptions +aaonly -dnsrch<BR /> turns on the aaonly option (only accept authoritative<BR /> answers) and turns off the dnsrch option (search the<BR /> domain path).<BR /><BR /><BR /><BR /><BR /></FILENAME></FILENAME> Wed, 16 Oct 2002 14:42:11 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-dns-reverse-resolution/m-p/2827052#M581019 Christopher Caldwell 2002-10-16T14:42:11Z