tomclegg.net


Diary
Examples
    256-router
    adzap
  >apache-double-reverse<
    cacti-adodb-php4
    debian-quota
    diskonmodule
    dollarsperbyte
    dynip
    ezmlm-linux
    fbsdhabits
    freebsdclone
    macbook-quantal-sound
    maildirpop3d-awfulhak
    mandy
    md
    mrtg
    net-snmp
    nodefaultroute
    oracle9i
    oracle9i-bsd5
    oracle9i-client
    oracle9i-nat
    php-cgi
    php-commandline
    php-image
    php-kics
    php-mini_httpd
    pinouts
    pizzaperdollar
    plesk-symlink-php
    pxe
    qmail-linux
    qmail-qfilter
    racoon-sonicwall
    redundant-vpn
    rewriterule
    seahorse-workaround
    setting-locale-failed
    smalldog
    snmpv3-cacti
    spamassassin
    squid-tproxy
    supfile
    suse73
    svc-nmbd
    svc-smbd
    svc-smtpd
    switch-virtualbox-virsh
    toyotastereo
    vm
    vn-file
    wmp-invalid
    xcode-remote-install
    xen-eth0-renamed
    xen-monowall
    xen3-ubuntu-dapper
    zz-update-grub-fail
Hire Tom
Mostly Mozart
Patches
School
Scrapbook
Software
Telephones




colocation
comments
davidireland
edsgranola
faq
funsites
goodlooking
goodmovies
google-earth-saucy-amd64
houserules
liberating
resume
resume2
scratch
shopping
snacks
todo
university
warisbogus

Apache double reverse dns lookups
Posted October 29, 2011

If %h is putting DNS names instead of IP addresses in your Apache access logs (or perhaps you just notice that requests from clients whose DNS is broken are very slow), check:

  1. HostnameLookups Off in your server config files.
  2. No REMOTE_HOST in any SetenvIf or RewriteCond or RewriteRule directives.
  3. No Allow from name or Deny from name in your server config or .htaccess files. Stick to IP addresses, IP subnets, and "all". In particular, Apache treats "none" as a DNS name, not a magic word like "all".
  4. No non-numeric hosts in your mod_bw configuration. This includes "localhost". Stick to IP addresses and subnets.

The last two are the only ones I've found that do double reverse lookups (i.e., look up PTR for IP address, then look up A for the resulting name). The PTR lookup is the most common thing that ISPs do wrong, but today it was the A lookup causing trouble.

20:50:47.469751 IP 68.233.169.195.5853 > 209.53.4.150.53: 33618 A? d75-157-82-254.bchsia.telus.net. (49)
20:50:47.571669 IP 209.53.4.150.53 > 68.233.169.195.5853: 33618 ServFail- 0/0/0 (49)