[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers-public] Re: [gnu.org #437069] Reverse DNS resolution
|
From: |
Sylvain Beucler |
|
Subject: |
[Savannah-hackers-public] Re: [gnu.org #437069] Reverse DNS resolution |
|
Date: |
Fri, 1 May 2009 21:22:21 +0200 |
|
User-agent: |
Mutt/1.5.18 (2008-05-17) |
On Fri, May 01, 2009 at 03:11:35PM -0400, Ward Vandewege via RT wrote:
> > [beuc - Fri May 01 14:43:25 2009]:
> > Did anything change in the reverse DNS resolution setup recently?
>
> I changed our nameserver configuration to no longer respond to lookups
> for '.', as per
>
> http://isc.sans.org/diary.html?date=2009-01-18
>
> That change was made on 2009-04-27.
>
> But that *should* be unrelated.
>
> > Savannah uses 10.0.0.0/24 internally and some processes do reverse
> > lookup on them. When I try to do the reverse manually, all DNS
> > servers eventually timeout, but this takes a very long while. MySQL
> > in particular was impacted AFAIK.
>
> Yeah. The problem is clearly these reverse lookups. But, arguably you
> shouldn't be sending those lookups to nameservers in /etc/resolv.conf
> (only one of which is FSF operated, the others are run by our ISP).
>
> Can you add /etc/hosts entries to work around this?
I can and will, but in order to avoid such mysterious issues again,
would it be possible to send a reject or anything but not drop the
request?
--
Sylvain