
telnet/ftp DNS
Stijn V
Regular Advisor

telnet/ftp DNS

Hi we do have some users connecting through a firewall to our Unix servers using telnet/ftp.

Their IP address is not recorded in DNS. Therefore telnet/ftp is enormously slow, however, if I add a record in /etc/hosts it is ok.

But I do not want to put their complete subnet in our /etc/hosts file.

Is there a possibility to disable the reverse DNS lookup for telnet and ftp?

Thanks,
-Stijn-
4 REPLIES
Stijn V
Regular Advisor

Re: telnet/ftp DNS

FYI,

/etc/nsswitch.conf

hosts: files [NOTFOUND=continue UNAVAIL=continue] dns [NOTFOUND=continue]

/etc/resolv.conf

search domain
nameserver IPaddress
retrans 500
retry 2

However, the retrans and retry settings don't solve the slow telnet/ftp connection.
Sajeev_1
Advisor

Re: telnet/ftp DNS

Bill Hassell
Honored Contributor

Re: telnet/ftp DNS

No, the reverse IP lookup is hardcoded into telnet and ftp. The slow period is only during login authentication. The right fix is to tell the DNS administrators to provide records for all the addresses served by this DNS box. Normally, DHCP addresses are served by the DNS server so adding names to the server is a fairly normal setup. Of course if this DNS server is a Windows box...


Bill Hassell, sysadmin
Jim Keeble
Trusted Contributor
Solution

Re: telnet/ftp DNS

There is one more way to avoid the delay. You don't really have to record all the addresses of the remote hosts on the DNS server. All that is needed is an empty "zone" for the remote subnets.

So, the scenario changes from:

---------------------------------------
DNS server with no zone for the remote subnet.

Telnet Client ---> DNS
What's the hostname for this IP?

DNS doesn't know, goes off trying to find a server who does know, long delay here ...

DNS ---> Telnet client
I don't know the hostname for that IP

---------------------------------------

DNS server with empty zone.

Telnet Client ---> DNS
What's the hostname for this IP?

DNS finds the zone, knows he is authoritative. Looks for the hostname, doesn't have it. Immediately replies:

DNS ---> Telnet client
I don't know the hostname for that IP.

Telnet goes on with almost no delay ...

This scenario is only good if the remote hosts are really under the control of your DNS admins. If it's another company, the real answer is to ask THEM to set up a zone.