leleux
Occasional Contributor

Disable DNS reverse resolution...

I am using FTP servers on HP-UX 11.11 systems.
When a client connects to the FTP server, the server performs a PTR DNS resolution with the IP address of the client.
Is there any way to avoid that, and how?
seb
Christopher Caldwell
Honored Contributor

Re: Disable DNS reverse resolution...

Might help if you tell us why, but since you asked:

You'll have to rebuild ftpd. The source is available from
www.wu-ftpd.org

add NO_DNS to the conf.h file.

/*
 * NO_DNS
 * Define this to skip DNS lookups. If the remote host name is needed, the
 * daemon uses the IP numbers instead. 'deny !nameserved' will always be
 * true (denying access) if this patch is enabled.
 *
 * This option is intended solely for very busy FTP sites where the added
 * security of DNS lookups is overshadowed by the speed and resource penalties.
 *
 * Disabling DNS lookups removes all protections against spoofing, making
 * remote user authentication virtually useless. This option should only be
 * used on anonymous FTP servers.
 *
 * If you're not *absolutely sure* you need this, don't enable it.
 */
#define NO_DNS

In addition, man ftpaccess gives you some options for DNS:

dns refuse_mismatch [override]

Refuse FTP sessions when the forward and reverse
lookups for the remote site do not match. Display
the named file (like a message file), admonishing the
user. If the optional override is specified, allow
the connection after complaining.


dns refuse_no_reverse [override]

Refuse FTP sessions when there is no reverse DNS entry
for the remote site. Display the named file (like a
message file), admonishing the user. If the optional
override is specified, allow the connection after
complaining.


dns resolveroptions [options]

The resolveroptions option allows you to tweak name
server options. The line takes a series of flags as
documented in resolver(3) (with the leading RES_
removed). Each can be preceded by an optional + or
-. For example,
dns resolveroptions +aaonly -dnsrch
turns on the aaonly option (only accept authoritative
answers) and turns off the dnsrch option (search the
domain path).
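The following C program is an added example, not wu-ftpd source and not part of the reply above. It shows what the two mechanisms in the reply actually decide: the conf.h NO_DNS build (no lookup at all, the IP string is used as the host name) versus the ftpaccess dns refuse_no_reverse and dns refuse_mismatch directives, with and without override. The resolver is behind two function pointers so the logic runs offline against constructed PTR and A tables; the type and function names (dns_policy, dns_result, check_remote_host, fake_reverse, fake_forward), the TEST-NET addresses and the example.net host names are all assumptions made for the demo.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not wu-ftpd code. The resolver is abstracted so the policy
 * can be exercised on constructed data without any network access. */
typedef const char *(*reverse_fn)(const char *ip);                       /* PTR lookup; NULL if none   */
typedef int (*forward_fn)(const char *name, const char *out[], int max); /* A lookup; returns count    */

struct dns_policy {
    int no_dns;            /* built with NO_DNS defined: skip lookups, use the IP as the host name */
    int refuse_no_reverse; /* ftpaccess: dns refuse_no_reverse                                      */
    int refuse_mismatch;   /* ftpaccess: dns refuse_mismatch                                        */
    int override;          /* ftpaccess: the optional "override" word: complain, then allow anyway  */
};

struct dns_result {
    int allow;           /* 1 = let the session proceed                         */
    const char *reason;  /* "ok", "nodns", "no_reverse" or "mismatch"           */
    const char *host;    /* name the daemon would log; the IP string if unverified */
};

/* Evaluate the client the way the ftpaccess "dns" directives describe. */
struct dns_result check_remote_host(const struct dns_policy *p, const char *client_ip,
                                    reverse_fn reverse, forward_fn forward)
{
    struct dns_result r = { 1, "ok", client_ip };   /* host stays the IP until a name is verified */
    const char *addrs[8];
    const char *name;
    int n, i;

    if (p->no_dns) {               /* NO_DNS: no lookup at all, so 'deny !nameserved' always fires */
        r.reason = "nodns";
        return r;
    }
    name = reverse(client_ip);
    if (name == NULL) {            /* no PTR record for the client */
        r.reason = "no_reverse";
        r.allow = !(p->refuse_no_reverse && !p->override);
        return r;
    }
    /* Forward-confirm the PTR answer: trust the name only if its A records include the client. */
    n = forward(name, addrs, 8);
    for (i = 0; i < n; i++) {
        if (strcmp(addrs[i], client_ip) == 0) {
            r.host = name;
            return r;
        }
    }
    r.reason = "mismatch";         /* forward and reverse lookups disagree: the PTR is not trusted */
    r.allow = !(p->refuse_mismatch && !p->override);
    return r;
}

/* Constructed resolver data for the demo (TEST-NET addresses, not real hosts). */
static const struct { const char *ip; const char *ptr; } ptr_table[] = {
    { "192.0.2.10", "good.example.net" },     /* PTR and A agree                                  */
    { "192.0.2.20", "spoofed.example.net" },  /* PTR names a host whose A record points elsewhere */
    /* 192.0.2.30 has no PTR record at all */
};
static const struct { const char *name; const char *a; } a_table[] = {
    { "good.example.net",    "192.0.2.10" },
    { "spoofed.example.net", "198.51.100.7" },
};

const char *fake_reverse(const char *ip)
{
    size_t i;
    for (i = 0; i < sizeof ptr_table / sizeof ptr_table[0]; i++)
        if (strcmp(ptr_table[i].ip, ip) == 0)
            return ptr_table[i].ptr;
    return NULL;
}

int fake_forward(const char *name, const char *out[], int max)
{
    size_t i;
    int n = 0;
    for (i = 0; i < sizeof a_table / sizeof a_table[0] && n < max; i++)
        if (strcmp(a_table[i].name, name) == 0)
            out[n++] = a_table[i].a;
    return n;
}

/* Three policies: the two ftpaccess directives enforced, the same with override, and a NO_DNS build. */
const struct dns_policy POLICY_STRICT   = { 0, 1, 1, 0 };
const struct dns_policy POLICY_OVERRIDE = { 0, 1, 1, 1 };
const struct dns_policy POLICY_NO_DNS   = { 1, 0, 0, 0 };

int main(void)
{
    const char *clients[] = { "192.0.2.10", "192.0.2.20", "192.0.2.30" };
    size_t i;
    for (i = 0; i < sizeof clients / sizeof clients[0]; i++) {
        struct dns_result a = check_remote_host(&POLICY_STRICT, clients[i], fake_reverse, fake_forward);
        struct dns_result b = check_remote_host(&POLICY_NO_DNS, clients[i], fake_reverse, fake_forward);
        printf("%-12s strict: %-6s (%s, host=%s)   NO_DNS: %s (host=%s)\n", clients[i],
               a.allow ? "allow" : "refuse", a.reason, a.host, b.allow ? "allow" : "refuse", b.host);
    }
    return 0;
}
```

Running it shows the trade-off the conf.h comment warns about: under the strict policy the spoofed PTR (192.0.2.20) and the missing PTR (192.0.2.30) are refused, while a NO_DNS build accepts every client and can only ever log the bare address, which is why a name-based ftpaccess rule can never match there.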