#2144 useless dns queries

1.210
closed
5
2005-07-01
2005-07-01
ca2005
No

The linux firewall module keeps querying the DNS when
any IP address is found in an iptables rule. This
includes address/mask blocks, i.e. if there is a rule
about 10.0.0.0/8 then a "0.0.0.10.in-addr.arpa. IN PTR"
query is submitted to DNS. This makes the firewall
interface very slow if there are many IP addresses or
blocks in the rules, especially if they don't have
reverse dns (like 10.0.0.0). I think this is a bug but
I never found any reference to this problem. These
queries are perfectly useless.

Discussion

  • Jamie Cameron

    Jamie Cameron - 2005-07-01
    • status: open --> closed
     
  • Jamie Cameron

    Jamie Cameron - 2005-07-01

    The problem here is that the module runs
    /etc/init.d/iptables status on redhat systems to check if
    IPtables is working. Unfortunately, this can take a long
    time, as that script calls iptables without the -n option to
    disable DNS lookups.
    The next Webmin release will call that script only once ..
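As an added example, not code from the bug report, from Webmin, or from the RedHat init script, the following POSIX shell check scans a script for iptables list invocations that omit the -n (numeric) option, which is exactly the condition described above: every such call makes the kernel listing resolve addresses through reverse DNS. The init-script fragment it scans is constructed for this example; the function names are hypothetical.

```shell
# Added example: detect iptables list commands that will trigger reverse-DNS
# lookups because they lack -n / --numeric. Not part of Webmin or the
# RedHat iptables init script; the sample script below is constructed.

# Print every line of the given script that runs iptables in list mode
# (-L or --list) without -n / --numeric. Exit status 0 when at least one
# offending line is found, 1 when none.
find_iptables_without_n() {
    script="$1"
    grep -nE '(^|[^[:alnum:]_])iptables[[:space:]]' "$script" \
      | grep -E '(^|[[:space:]])(-[a-zA-Z]*L|--list)' \
      | grep -vE '(^|[[:space:]])(-[a-zA-Z]*n[a-zA-Z]*|--numeric)([[:space:]]|$)'
}

# Number of offending lines, printed as a plain integer (0 when clean).
count_iptables_without_n() {
    find_iptables_without_n "$1" | grep -c . || true
}

# Constructed sample resembling the "status" action of an init script.
SAMPLE_SCRIPT="${TMPDIR:-/tmp}/sample-iptables-status.$$"
trap 'rm -f "$SAMPLE_SCRIPT"' EXIT
cat > "$SAMPLE_SCRIPT" <<'EOF'
#!/bin/sh
# constructed sample: a status action that lists the active rules
status() {
    iptables -L -v          # resolves every address via PTR lookups
    iptables -t nat -L      # same problem in the nat table
    iptables -L -n -v       # numeric output, no DNS queries
    iptables --list --numeric
}
EOF

echo "iptables calls in $SAMPLE_SCRIPT that would trigger DNS lookups:"
find_iptables_without_n "$SAMPLE_SCRIPT" || echo "(none)"
echo "count: $(count_iptables_without_n "$SAMPLE_SCRIPT")"
```

The fix on the listing side is the one the comment points at: pass -n so that iptables prints addresses and ports numerically instead of resolving each one, which also removes the dependency of a firewall status check on DNS being reachable.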

     

Log in to post a comment.