From: Amos Jeffries <squid3@treenet.co.nz>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: Ed W <lists@wildgooses.com>, netfilter <netfilter@vger.kernel.org>
Subject: Re: ipset causes reverse dns lookups?
Date: Tue, 17 Apr 2012 01:08:59 +1200 [thread overview]
Message-ID: <4F8C19EB.4070803@treenet.co.nz> (raw)
In-Reply-To: <alpine.DEB.2.00.1204161126050.20321@blackhole.kfki.hu>
On 16/04/2012 9:55 p.m., Jozsef Kadlecsik wrote:
> On Mon, 16 Apr 2012, Ed W wrote:
>
>> On 16/04/2012 09:08, Jozsef Kadlecsik wrote:
>>> Hostname and IP address are both supported as input and resolved
>>> internally by getaddrinfo. That can generate DNS lookups, depeding on the
>>> resolver library. What kind of system do you use, with which
>>> resolver/libc version?
>> Thanks so much for replying!
>>
>> This is a uclibc 0.9.33.1 system, x86. Resolver chain is /etc/hosts, then dns.
>> Local dnsmasq is installed.
>>
>> I can very clearly observe that on something like "ipset add", if I add
>> something that isn't quite an IP address then it generates a name lookup. What
>> I'm confused by is why the reverse ip lookup for the ip address? I have
>> traced it back I think to the parser.c code, but I concede I'm stuck
>> understanding even what is generating the lookup? You mention resolver, so
>> presumably it's a side effect of some other call, but could you spare a minute
>> to explain the trigger please? (just interested in the background in case it
>> occurs elsewhere?)
> That comes from the implementation of "getaddrinfo" in uclibc then. ipset
> itself does not force reverse DNS lookups.
FWIW, I have recently been dealing with user complains with other
software when built with uclibc. The uclibc implementation has been
caught ignoring AI_NUMERICHOST and performing full remote resolution
when passed numeric IPs for conversion.
AYJ
next prev parent reply other threads:[~2012-04-16 13:08 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-15 23:26 ipset causes reverse dns lookups? Ed W
2012-04-16 1:15 ` Ed W
2012-04-16 3:23 ` Ed W
2012-04-16 8:08 ` Jozsef Kadlecsik
2012-04-16 8:37 ` Ed W
2012-04-16 9:55 ` Jozsef Kadlecsik
2012-04-16 13:08 ` Amos Jeffries [this message]
2012-04-16 13:21 ` Jozsef Kadlecsik
2012-04-16 13:14 ` Ed W
2012-04-16 13:20 ` Jozsef Kadlecsik
[not found] ` <4F8C1E78.6030202@wildgooses.com>
[not found] ` <alpine.DEB.2.00.1204161548170.20321@blackhole.kfki.hu>
2012-04-16 22:05 ` Ed W
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F8C19EB.4070803@treenet.co.nz \
--to=squid3@treenet.co.nz \
--cc=kadlec@blackhole.kfki.hu \
--cc=lists@wildgooses.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.