How to disable reverse DNS lookup on SSH login

Similar Messages

• HELP! Disabling reverse DNS lookups on client

  Is there a property that can be set to disable the reverse DNS
  lookup for client requests? I read that if reverse lookups are
  no working then client requests can take an extra 15-30 seconds.
  In our environment reverse lookups are not something we can
  count on so we would like to disable them completely. Please let
  me know which property can be set it if any to accomplish this.
  Regards,
  Robert

  Don't we all ;)
  WL 5.1 sp3
  Sol 2.6
  J2 1.2.1_04
  Rich Nill wrote in message <[email protected]>...
  Paul,
  What version of Weblogic are you running? I want to make sure we don'tsuffer
  from the same problem.
  Thanks,
  Rich
  Paul Iter wrote:
  Would this patch have any impact on the problem I described in
  "performance
  degradation PROBLEM"?
  Thanks,
  Paul
  Mark Griffith wrote:
  There is another issue here though, when we print out server ID's we
  call
  java.net.InetAddress.toString() which ends up in a DNS call.
  Contact support they have a one-off patch.
  cheers
  mbg
  In article <[email protected]>, [email protected]
  says...
  Is there a property that can be set to disable the reverse DNS
  lookup for client requests? I read that if reverse lookups are
  no working then client requests can take an extra 15-30 seconds.
  In our environment reverse lookups are not something we can
  count on so we would like to disable them completely. Please let
  me know which property can be set it if any to accomplish this.
  Regards,
  Robert
  ==================================================
  NewsGroup Rant
  ==================================================
  Rant 1.
  The less info you provide about your problem means
  the less we can help you. Try to look at the
  problem from an external perspective and provide
  all the data necessary to put your problem in
  perspective.

• [solved] disable reverse dns caching (pdnsd)

  Hey guys, i have setup pdnsd for dns caching, and it's working fine. There's a small issue though. I would like to disable caching for reverse dns lookups. This is because the cache file is getting filled up with thousand of such entries, due to p2p software such as rtorrent.
  Is there an option for the pdnsd.conf file which can disable this feature?
  Last edited by x33a (2014-01-23 05:51:37)

  After extensive searching, I found that this can be achieved by disabling PTR rr type, but pdnsd won't run without it.
  For reference purpose:
  Support for different rr types can be disabled by modifying src/rr_types.in accordingly (source code file). unfortunately, PTR along with a few other rr types is essential to pdnsd, so disabling it is not an option.

• Is it possible to override authorative reverse DNS lookups?

  Hello,
  I am part of collaborative workgroup which has a group of networked computers that are installed at each others sites. This means that often a server has two names - a "site name", which is the name in DNS, such as BigFoot.yale.edu at X.X.X.5 and a "workgroup name", the name used by the group for distributed processes, such as YaleBigFoot.workgroup.net also at X.X.X.5 in our /etc/hosts file.
  We are trying to use globus and GSI authentication in between the servers which requires valid reverse dns lookups, such that a CN=host/ .
  On unix'y servers, this requires setting up a rather comples /etc/hosts and editing /etc/nsswitch so that /etc/hosts is used authoritively for all lookups.
  I have been trying to replicate this behavior for our Mac users, and I'm running into problems. I have read all the "reverse dns" documentation I can - and it appears that my problem is different.
  I have setup a /etc/hosts file and a /etc/lookupd/hosts configuration file and a /etc/named.conf section for workgroup.net and a /var/named/workgroup.net.zone file.
  However I still get the following output:
  $ host yale-bigfoot.workgroup.net
  yale-bigfoot.workgroup.net has address X.X.X.5
  $ host X.X.X.5
  X.X.X.5.in-addr.arpa domain name pointer workgroup-router-node.net.yale.edu.
  Is it possible to override the authorative reverse lookups?
  Thank you in advance,
  Brendan
  PS: names and address are not actual
  17' SuperDrive Powerbook G4   Mac OS X (10.4.6)  

  However, you can achieve do something that looks similar to overriding.
  class Parent {
    Parent(int i, String s) {
      // do stuff
  class Child extends Parent {
    Child(int i, String s) {
      super(i, s);
      // do Child stuff here
  new Parent(1, "abc");
  new Child(2, "xyz");Although that's not overriding, it sort of looks similar. Is this what you were talking about?

• How to disable right click on SAP portal login page

  Hi,
  How to disable right click on SAP portal login page. Our requirement is one should not be able to right click -
  >view source. on the portal login page.
  Best Regars,
  Tushar

  Hi Tchanvan,
  If you search google with "javascript disable right click" you will get loads of javascript code. This will also help you to gain knowledge.
  @Explanation to last post : You need to import standard logon par file in NWDS. Create javascript file to disable right click and then include this file in your logon page. i think login page name is portalLogin.jsp and then deploy this new PAR file.
  regards,
  Jigar Oza

• 9i app 9.0.2.01?Does the reverse DNS lookup have to be set up for a FQDN

  HEy guys:
  I'M ALWAYS GETTING STUCK IN THE SAME PLACE WHEN I AM TRYING TO INSTALL 9I APPSERVER 9.0.2.0.1 REL 2. ITS ALWATYS HAPPENING AT THE oRACLE db CONFIG assistant i have set up my host file and when i ping -a servername i get the full reply back ex. servername.domain.com but now when i ping -a 111.111.111.111 i do not get the host name back this is b/c i do not have the PTR record set up. Do i have to have a reverse dnslookup working for what oracle is stating is "FQDN" and not just the dns lookup working...how is oracle installer looking at this piece.
  that is the only i see that i don't have when i look at my computer name (by the way this is a winnt environment)in properties it has the FQDN. i also have set up the host file correctly resembling 111.111.111.111 servername.domainname.com servername oracleinstall. What else am i missing here guys? thanks for the help in advance
  regards,
  robert

  Actually, these issues were/are documented - see the addendum. Also, the install guide details which files need to be updated with the FQDN/IP.
  Though it does not have to be setup in your DNS server (say if you are just doing it on a single tier to test), those machines which are looking to connect to it would need to have the proper additions to the hosts file as well.
  As for why the 'non-default' http ports, this was a result of Unix security. Non-root users cannot start processes using ports below a specific range. As a result, oracle defaults them to a higher number allowing your oracle account whom lacks root access to start the http service.
  As for non-oracle responses, this isn't really an official forumn. I believe those oracle peeps who do respond here are doing so on their own. If you need official/immediate responses, then i would recommend using metalink for an itar or the metalink forums.
  Now on to Robert's second question. See metalink Note:209114.1: How to Change the Port used for Oracle 9iAS Portal 9.0.x. If you don't have access to metalink, let me know and I can forward the note or post it here.
  Have fun!

• How do I calculate DNS lookup timings?

  I need help figuring out how I can calculate the time to perform a DNS lookup on a resource. For example, if I use
  HttpURLConnection hpCon = (HttpURLConnection) url.openConnection();
  then,
  respCode = connection.getResponseCode();
  Would it be safe to say the DNS lookup time is the difference between these two points?
  I have not found any documentation anywhere as to how effective get DNS lookup times in Java.
  Please help.

  One way would be to check the time before and after the two events, subtract and see the difference.

• ASA 5520 Reverse DNS lookup Issue

  We are having Reverse DNS issues.
  10.10.0.10 = Exchange Server
  Windows 2003 = DNS server internal.
  Setup: 1 to 1 NAT
  10.10.0.10 smtp --> 70.89.133.218 smtp
  Int gi0/2 = 70.89.133.217
  Incoming Access Rule:
  any --> 70.89.133.218 smtp permit
  When we do a WhatismyIp on exchange server it says the IP is 70.89.133.217
  It should be 70.89.133.217.
  This is causing our email to be rejected from external sites due to reverse dns not returning 218. External people say are email is coming from 217. Comcast says the reverse pointer is setup correctly.
  What are we doing wrong?
  Thanks for any help you can offer.

  Correction:
  When we do a WhatismyIp on exchange server it says the IP is 70.89.133.217
  It should be 70.89.133.218
  217 is the interface gi0/2 on the ASA.

• Reverse DNS Lookup Failed!

  I started this thread weeks ago in the mail category, because it was related to sending e-mails to certain accounts. If you could please look at this thread I would greatly appreciate it so I don't have to re-explain the whole situation. I need to get this resolved as soon as possible and I don't know what else to do. I have had tons of help on the subject, yet no one can figure out why it's not working. You can do reverse resolution to my server just fine and my service provider shows it's pointing to my dns servers but somewhere in the mix it won't resolve any other way except directly to mine.
  http://discussions.apple.com/thread.jspa?threadID=323884&tstart=0
  I have read every article on here that has revserse DNS in it, yet still no luck. Thanks.

  Zone File:
  $TTL 86400
  funsunstudio.com. IN SOA ns1.funsunstudio.com. marshall.funsunstudi
  o.com. (
  2006013000 ; serial
  3h ; refresh
  1h ; retry
  1w ; expiry
  1h ) ; minimum
  funsunstudio.com. IN NS ns1.funsunstudio.com.
  funsunstudio.com. IN NS ns2.funsunstudio.com.
  funsunstudio.com. IN A 12.146.245.40
  ns1 IN A 12.146.245.40
  ns2 IN A 12.146.245.41
  mail IN A 12.146.245.34
  funsunstudio.com. IN MX 0 mail
  www IN A 12.146.245.42
  * IN A 12.146.245.42
  oms IN A 12.146.245.42
  named.conf
  zone "funsunstudio.com." in {
  file "funsunstudio.com.zone";
  type master;
  zone "245.146.12.in-addr.arpa" IN {
  file "db.12.146.245";
  type master;
  db.12.146.245 file:
  $TTL 86400
  245.146.12.in-addr.arpa. IN SOA ns1.245.146.12.in-addr.arpa. mar$
  2006013000 ; serial
  3h ; refresh
  1h ; retry
  1w ; expiry
  1h ) ; minimum
  245.146.12.in-addr.arpa. IN NS ns1.funsunstudio.com.
  245.146.12.in-addr.arpa. IN NS ns2.funsunstudio.com.
  32/28.245.146.12.in-addr.arpa. IN PTR ns1.funsunstudio.com.
  32/28.245.146.12.in-addr.arpa. IN PTR ns2.funsunstudio.com.
  34.245.146.12.in-addr.arpa. IN PTR mail.funsunstudio.com.
  42.245.146.12.in-addr.arpa. IN PTR www.funsunstudio.com.
  Yes I know I am resolving it for the whole C-Class, but should not affect my issue. Thanks for the help Camelot. BTW I am basing this all off the e-mail AT&T sent me about the setup, so if it's totally wrong please don't yell too bad.

• TS1398 How do you rectify "DNS lookup failed" on an iPad?

  I cannot access certain web sites and get the above message.  I have managed to find instructions on how to fix the problem for a Windows based PC but not an iPad.
  Can anyone help?  I am not technically minded.  We have a BT home hub wireless router.

  Hi makc1!
  Here is an article for you that talks about DNS settings and can help you troubleshoot this issue:
  Non-responsive DNS server or invalid DNS configuration can cause long delay before webpages load
  http://support.apple.com/kb/ts2296
  Thanks for coming to the Apple Support Communities!
  Cheers,
  Braden

• [SOLVED] How to disable "No mail." message upon login?

  This one's really stumping me. I disable the mail message a few months ago by creating a .hushlogin file in my home directory. That did the trick. Now, I am seeing the message again, and I don't know why. .hushlogin still exists in my home directory. Here's my /etc/login.defs:
  # /etc/login.defs - Configuration control definitions for the login package.
  # Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
  # If unspecified, some arbitrary (and possibly incorrect) value will
  # be assumed. All other items are optional - if not specified then
  # the described action or option will be inhibited.
  # Comment lines (lines beginning with "#") and blank lines are ignored.
  # Modified for Linux. --marekm
  # Delay in seconds before being allowed another attempt after a login failure
  FAIL_DELAY 3
  # Enable display of unknown usernames when login failures are recorded.
  LOG_UNKFAIL_ENAB no
  # Enable logging of successful logins
  LOG_OK_LOGINS no
  # Enable "syslog" logging of su activity - in addition to sulog file logging.
  # SYSLOG_SG_ENAB does the same for newgrp and sg.
  SYSLOG_SU_ENAB yes
  SYSLOG_SG_ENAB yes
  # If defined, either full pathname of a file containing device names or
  # a ":" delimited list of device names. Root logins will be allowed only
  # upon these devices.
  CONSOLE /etc/securetty
  #CONSOLE console:tty01:tty02:tty03:tty04
  # If defined, all su activity is logged to this file.
  #SULOG_FILE /var/log/sulog
  # If defined, file which maps tty line to TERM environment parameter.
  # Each line of the file is in a format something like "vt100 tty01".
  #TTYTYPE_FILE /etc/ttytype
  # If defined, the command name to display when running "su -". For
  # example, if this is defined as "su" then a "ps" will display the
  # command is "-su". If not defined, then "ps" would display the
  # name of the shell actually being run, e.g. something like "-sh".
  SU_NAME su
  # *REQUIRED*
  # Directory where mailboxes reside, _or_ name of file, relative to the
  # home directory. If you _do_ define both, MAIL_DIR takes precedence.
  # QMAIL_DIR is for Qmail
  #QMAIL_DIR Maildir
  MAIL_DIR /var/spool/mail
  # If defined, file which inhibits all the usual chatter during the login
  # sequence. If a full pathname, then hushed mode will be enabled if the
  # user's name or shell are found in the file. If not a full pathname, then
  # hushed mode will be enabled if the file exists in the user's home directory.
  HUSHLOGIN_FILE .hushlogin
  #HUSHLOGIN_FILE /etc/hushlogins
  # *REQUIRED* The default PATH settings, for superuser and normal users.
  # (they are minimal, add the rest in the shell startup files)
  ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
  ENV_PATH PATH=/bin:/usr/bin
  # Terminal permissions
  # TTYGROUP Login tty will be assigned this group ownership.
  # TTYPERM Login tty will be set to this permission.
  # If you have a "write" program which is "setgid" to a special group
  # which owns the terminals, define TTYGROUP to the group number and
  # TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
  # TTYPERM to either 622 or 600.
  TTYGROUP tty
  TTYPERM 0600
  # Login configuration initializations:
  # ERASECHAR Terminal ERASE character ('\010' = backspace).
  # KILLCHAR Terminal KILL character ('\025' = CTRL/U).
  # UMASK Default "umask" value.
  # The ERASECHAR and KILLCHAR are used only on System V machines.
  # The ULIMIT is used only if the system supports it.
  # (now it works with setrlimit too; ulimit is in 512-byte units)
  # Prefix these values with "0" to get octal, "0x" to get hexadecimal.
  ERASECHAR 0177
  KILLCHAR 025
  UMASK 077
  # Password aging controls:
  # PASS_MAX_DAYS Maximum number of days a password may be used.
  # PASS_MIN_DAYS Minimum number of days allowed between password changes.
  # PASS_WARN_AGE Number of days warning given before a password expires.
  PASS_MAX_DAYS 99999
  PASS_MIN_DAYS 0
  PASS_WARN_AGE 7
  # Min/max values for automatic uid selection in useradd
  UID_MIN 1000
  UID_MAX 60000
  # System accounts
  SYS_UID_MIN 500
  SYS_UID_MAX 999
  # Min/max values for automatic gid selection in groupadd
  GID_MIN 1000
  GID_MAX 60000
  # System accounts
  SYS_GID_MIN 500
  SYS_GID_MAX 999
  # Max number of login retries if password is bad
  LOGIN_RETRIES 5
  # Max time in seconds for login
  LOGIN_TIMEOUT 60
  # Which fields may be changed by regular users using chfn - use
  # any combination of letters "frwh" (full name, room number, work
  # phone, home phone). If not defined, no changes are allowed.
  # For backward compatibility, "yes" = "rwh" and "no" = "frwh".
  CHFN_RESTRICT rwh
  # List of groups to add to the user's supplementary group set
  # when logging in on the console (as determined by the CONSOLE
  # setting). Default is none.
  # Use with caution - it is possible for users to gain permanent
  # access to these groups, even when not logged in on the console.
  # How to do it is left as an exercise for the reader...
  #CONSOLE_GROUPS floppy:audio:cdrom
  # Should login be allowed if we can't cd to the home directory?
  # Default in no.
  DEFAULT_HOME yes
  # If defined, this command is run when removing a user.
  # It should remove any at/cron/print jobs etc. owned by
  # the user to be removed (passed as the first argument).
  #USERDEL_CMD /usr/sbin/userdel_local
  # Enable setting of the umask group bits to be the same as owner bits
  # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
  # the same as gid, and username is the same as the primary group name.
  # This also enables userdel to remove user groups if no members exist.
  USERGROUPS_ENAB yes
  Please help.
  Last edited by nbtrap (2012-07-14 21:59:46)

  orbisvicis wrote:see "pam_mail.so" in /etc/pam.d/* and "man pam_mail". You most likely need the nopen argument.
  Thank you. I fixed it by changing a line in /etc/pam.d/system-login. Specifically, I changed
  session optional pam_mail.so dir=/var/spool/mail standard
  to
  session optional pam_mail.so dir=/var/spool/mail nopen

• How to disable Itunes music stores auto account login on startup

  Since I upgraded iTunes I've had a account log in screen asking me to sign in with my iTunes Store ID and password every-time I launch iTunes. Is there anyway to disable it? My wake-up- software stopped to work and im late to work everyday after this "upgrade".
  Yes there is, and Apple themselves tells you how.
  ( ps. Apple, - please let it be a choice the next time, in preference.. )
  Apples - support answer.
  - I have some steps for you to try that should take care of this issue. Please try these steps below:
  1. Quit iTunes.
  2. Open your iTunes folder (usually found in the Music folder in your Home folder).
  3. Double click the iTunes Music folder.
  4. Inside you should find a folder called Downloads.
  5. In this folder you will see a file "list.plist". Drag this file to your desktop.
  6. Restart iTunes and hopefully iTunes will not ask for your password.
  Please let me know if this works or not. Thank you for being an iTunes Store customer, and have a great day!
  Sincerely,
  Jessica
  *iTunes Store Customer Support*
    Mac OS X (10.4.9)  

  John Hammer1 is partially right. There are three locations for startup items
  </System/Library/StartupItems>
  </Library/StartupItems>
  <~/Library/StartupItems>
  (In theory, the first should be reserved exclusively for items bundled with Mac OS X.)
  However, startup items have been deprecated since Tiger. Apple advises that only software which requires Panther compatibility should use them. The correct mechanism in Tiger and later is launchd. Therefore, if you don't find anything in the StartupItems folders, what you need to look for is a .plist file corresponding to your programme, which could be in
  <~/Library/LaunchAgents>
  </Library/LaunchAgents>
  </Library/LaunchDaemons>
  </System/Library/LaunchDaemons>
  </System/Library/LaunchAgents>
  (See "Creating Launch Daemons and Agents" in "Daemons and Services Programming Guide" in Apple's Developer library.)

• Reverse IP lookup

  When I run the "last" command I would like to see IP address of the user instead of the host names. I assume Solaris is doing some type of reverse ip lookup and displaying the host name here. Is there a way of disabling reverse DNS lookup and what other consequenses should I consider before doing so.

  New_DS_User wrote:
  When I run the "last" command I would like to see IP address of the user instead of the host names. I assume Solaris is doing some type of reverse ip lookup and displaying the host name here.More like it does the reverse IP lookup and logs the name. There's no lookup at display time.
  Is there a way of disabling reverse DNS lookup and what other consequenses should I consider before doing so.I don't know any method of doing so for just the login stuff. You could disable DNS, but that has other consequences. :-)
  Darren

• Set up reverse DNS for virtual mail hosting

  I need a bit of server configuation advice.
  I have a static IP and two public domains on a Snow Leopard server connected using NAT behind a firewall - with the necessary port forwarding to ensure all works. 
  1. abc.com is my primary domain on the server - server.abc.com
  2. I have xyz.com set up as a virtual domain and also as a virtual mail host
  This setup has worked well for a long time but I have found that emails to [email protected] are going missing.  If I check my mx records using one of the web based tools it show an error on the reverse dns for server.xyz.com showing a reverse DNS of server.abc.com.
  So the question - is it possible to have secondary 'virtual' DNS record on the server so reverse DNS works for the virtual mail host xyz.com?  If not how do I handle the reverse DNS problem which i think is causing some external mail server to reject mail due to the inconsistency on the reverse DNS lookup?
  Many thanks for any suggestions

  SMTP requires a DNS A record.
  A DNS A record is also known as a machine record.
  A DNS A record inherently means that forward DNS and reverse DNS will match.
  The forward translation translates the host name to the IP address.
  The reverse translation translates the IP address to host name.
  When the full translation produces the same host name, that's an A record.
  DNS CNAME records are aliases, and are used for virtual hosts.
  CNAME records inherently do not match the reverse DNS translations.
  To get your configuration to work, your server must have an A record.
  That means forward and reverse DNS will match.
  Any of the virtual hosts within your mail server then all use an MX pointing at the A record host.
  If you have your DNS hosted somewhere other than your ISP, then you'll need your ISP to set up a DNS PTR.
  The DNS PTR is the reverse translation; address to name.
  If you have your own DNS services within your network (as would be typical with a privately-addressed NAT'd network), set that up as a virtual host within SMTP.
  Here is some related reading on external (public) DNS, as related to SMTP servers and such.

• Block Reverse DNS failures or not?

  Hey guys,
  Philosphical question, which I honestly didn't think I'd have to ask...
  Do you block messages from servers that fail reverse DNS lookup (eg no pointer record or non matching pointer record)?
  We recently tightened things up, and put those in the blacklist, and I'm seeing more legit senders getting dropped than I expected.
  Am I expecting too much?
  Ken

  You can enable these three checkbox in the sendergroup BLACKLIST:
  -Connecting host PTR record does not exist in DNS.
  -Connecting host PTR record lookup fails due to temporary DNS failure.
  -Connecting host reverse DNS lookup (PTR) does not match the forward DNS lookup (A).
  Be aware for the False positives.