Apache double reverse DNS lookups
Posted October 29, 2011
If %h is putting DNS names instead of IP addresses in your Apache access logs (or perhaps you just notice that requests from clients whose DNS is broken are very slow), check:
- HostnameLookups Off in your server config files.
- No REMOTE_HOST in any SetenvIf or RewriteCond or RewriteRule directives.
- No Allow from name or Deny from name in your server config or .htaccess files. Stick to IP addresses, IP subnets, and "all". In particular, Apache treats "none" as a DNS name, not a magic word like "all".
- No non-numeric hosts in your mod_bw configuration. This includes "localhost". Stick to IP addresses and subnets.
The last two are the only ones I've found that do double reverse lookups (i.e., look up PTR for IP address, then look up A for the resulting name). The PTR lookup is the most common thing that ISPs do wrong, but today it was the A lookup causing trouble.
20:50:47.469751 IP 68.233.169.195.5853 > 209.53.4.150.53: 33618 A? d75-157-82-254.bchsia.telus.net. (49)
20:50:47.571669 IP 209.53.4.150.53 > 68.233.169.195.5853: 33618 ServFail- 0/0/0 (49)
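The checklist above can be run as a static scan over a config or .htaccess file. This is an added example, not code from the original post: the sample configuration is constructed, the function names are hypothetical, and it assumes mod_bw's BandWidth and MinBandWidth take the host as their first argument (with a "u:" prefix meaning a user-agent match rather than a host).

```python
import re

# Constructed sample configuration (not from the original post).
SAMPLE_CONF = """HostnameLookups On
SetEnvIf Remote_Host "example.com$" internal
RewriteCond %{REMOTE_ADDR} !^192
<Directory /var/www>
    Order deny,allow
    Deny from none
    Allow from 192.0.2.0/24 10.1 localhost
    Allow from 2001:db8::/32 env=trusted all
</Directory>
BandWidth localhost 0
BandWidth 198.51.100.0/24 10240
# Allow from commented.example.org
"""

# Full or partial IPv4, optionally with a CIDR length or dotted netmask.
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}\.?(/\d{1,3}(\.\d{1,3}){0,3})?$")
# IPv6 must contain a colon, so hex-looking names such as "abc.de" do not match.
IPV6 = re.compile(r"^(?=.*:)[0-9a-fA-F:.]+(/\d{1,3})?$")
HOST_VAR_DIRECTIVES = {"setenvif", "setenvifnocase", "rewritecond", "rewriterule"}
MOD_BW_DIRECTIVES = {"bandwidth", "minbandwidth"}  # assumption: host is first argument

def needs_dns(host):
    """True if Apache would have to resolve this access-control token as a name."""
    h = host.lower()
    return not (h == "all" or h.startswith("env=") or IPV4.match(host) or IPV6.match(host))

def audit(conf_text):
    """Return (line number, reason) for every directive the checklist rules out."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or comment
        name, args = words[0].lower(), words[1:]
        if name == "hostnamelookups" and args and args[0].lower() != "off":
            findings.append((lineno, "HostnameLookups is not Off"))
        elif name in HOST_VAR_DIRECTIVES and "remote_host" in raw.lower():
            findings.append((lineno, "REMOTE_HOST referenced"))
        elif name in ("allow", "deny") and args and args[0].lower() == "from":
            findings += [(lineno, f"{words[0]} from name: {h}") for h in args[1:] if needs_dns(h)]
        elif name in MOD_BW_DIRECTIVES and args and not args[0].lower().startswith("u:") and needs_dns(args[0]):
            findings.append((lineno, f"mod_bw host name: {args[0]}"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"line {n}: {why}" for n, why in audit(SAMPLE_CONF)))
```

The scan reads one file as text and does not follow Include directives, so each included file and .htaccess needs its own pass.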