Inhibiting reverse DNS lookups by the SSH server - VMS



  1. Inhibiting reverse DNS lookups by the SSH server

    Hi,

    Process Software MultiNet V5.2 Rev A-X, HP rx2660 (1.59GHz/9.0MB),
    OpenVMS I64 V8.3-1H1

    One of the users who works from home has reported that he's seeing long
    delays in logging in via SSH. We both suspected a DNS issue and it seems
    this is the case. Attempts to do a reverse lookup on his IP address yield
    the result "Server failed". I've also tried this from a non-MultiNet system
    at another site with a different ISP and got a similar result.

    So I'd like to see if we can prevent the reverse lookup.

    a) is it possible to configure SSH to not attempt a reverse DNS lookup on
    the source IP address?

    b) is there any reason why disabling the reverse DNS lookup would be a bad
    idea, particularly if we're not interested in doing access control based
    on the source of the SSH connection?

    I suppose an alternative approach would be to add a master zone to MultiNet's
    NAMED.CONF file specifically for his IP address.

    Regards,

    Jeremy Begg

    +---------------------------------------------------------+
    | VSM Software Services Pty. Ltd. |
    | http://www.vsm.com.au/ |
    | "OpenVMS Systems Management & Programming" |
    |---------------------------------------------------------|
    | P.O.Box 402, Walkerville, | E-Mail: jeremy@vsm.com.au |
    | South Australia 5081 | Phone: +61 8 8221 5188 |
    |---------------------------| Mobile: 0414 422 947 |
    | A.C.N. 068 409 156 | FAX: +61 8 8221 7199 |
    +---------------------------------------------------------+

  2. RE: Inhibiting reverse DNS lookups by the SSH server

    Add the following to SSH2_DIR:SSHD2_CONFIG.

    ResolveClientHostName False

    -----Original Message-----
    From: Jeremy Begg [mailto:jeremy@vsm.com.au]
    Sent: Wednesday, September 10, 2008 10:29 PM
    To: info-multinet@process.com
    Subject: Inhibiting reverse DNS lookups by the SSH server

    Hi,

    Process Software MultiNet V5.2 Rev A-X, HP rx2660 (1.59GHz/9.0MB),
    OpenVMS I64 V8.3-1H1

    One of the users who works from home has reported that he's seeing long
    delays in logging in via SSH. We both suspected a DNS issue and it seems
    this is the case. Attempts to do a reverse lookup on his IP address yield
    the result "Server failed". I've also tried this from a non-MultiNet system
    at another site with a different ISP and got a similar result.

    So I'd like to see if we can prevent the reverse lookup.

    a) is it possible to configure SSH to not attempt a reverse DNS lookup on
    the source IP address?

    b) is there any reason why disabling the reverse DNS lookup would be a bad
    idea, particularly if we're not interested in doing access control based
    on the source of the SSH connection?

    I suppose an alternative approach would be to add a master zone to MultiNet's
    NAMED.CONF file specifically for his IP address.

    Regards,

    Jeremy Begg

    +---------------------------------------------------------+
    | VSM Software Services Pty. Ltd. |
    | http://www.vsm.com.au/ |
    | "OpenVMS Systems Management & Programming" |
    |---------------------------------------------------------|
    | P.O.Box 402, Walkerville, | E-Mail: jeremy@vsm.com.au |
    | South Australia 5081 | Phone: +61 8 8221 5188 |
    |---------------------------| Mobile: 0414 422 947 |
    | A.C.N. 068 409 156 | FAX: +61 8 8221 7199 |
    +---------------------------------------------------------+
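
To confirm from another host that the reverse lookup is what stalls the login, the check below times a PTR lookup for the client address and reports the `in-addr.arpa` name being queried. It is an added example, not part of the thread and not MultiNet code; the address `203.0.113.25` is a constructed documentation address and the 2-second threshold is an assumption.

```python
import ipaddress
import socket
import sys
import time

SLOW_SECONDS = 2.0  # assumed threshold for a delay a user would notice at login


def ptr_name(ip):
    """Return the name queried for a reverse lookup of ip (works for IPv4 and IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_reverse_lookup(ip, resolver=socket.gethostbyaddr, clock=time.monotonic):
    """Time one reverse lookup and report whether it resolved and how long it took.

    resolver and clock are injectable so the check can be exercised offline.
    """
    name = ptr_name(ip)  # raises ValueError on a malformed address
    start = clock()
    try:
        hostname = resolver(ip)[0]
        error = None
    except OSError as exc:  # socket.herror and socket.gaierror are OSError subclasses
        hostname = None
        error = str(exc)
    elapsed = clock() - start
    return {
        "ptr_name": name,
        "hostname": hostname,
        "error": error,
        "elapsed": elapsed,
        # A slow failure matches the symptom in the thread: the server waits
        # on DNS before the login can proceed.
        "slow": elapsed >= SLOW_SECONDS,
    }


if __name__ == "__main__":
    # Constructed sample address; pass the real client IP as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.25"
    result = check_reverse_lookup(target)
    print("query:   %s PTR" % result["ptr_name"])
    print("answer:  %s" % (result["hostname"] or "none (%s)" % result["error"]))
    print("elapsed: %.2fs%s" % (result["elapsed"], "  <-- slow" if result["slow"] else ""))
```

A slow failure here points at the resolver path rather than at SSH itself; the reported PTR name is also the name a dedicated reverse zone for that one address would have to answer.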
