problem disabling mod_authz_host to avoid dns lookups

Question

hello,

i'm using Debian 4.3.2-1 and Apache 2 in my production server. Watching the logs I noticed apache is resolving client's hostnames with 'HostnameLookups Off' in apache2.conf. I want to avoid these lookups so i'm guessing apache is making this dns queries because i have mod_authz_host enabled. When i try to unlink this module i get several modules complaining because they use "Order" directive.

How is the clean way to go? Should I comment all Order directives like

Order allow,deny Deny from all

Is this the only way to stop apache making dns requests ?

thank you!

Answer 1

One option is to have the DNS server quickly answer any requests to convert an IP in to a hostname with a "this IP has no hostname" responses. MaraDNS 1.x supports this via "reject_ptr"; I could add this capability to Deadwood (MaraDNS 2.0) in about 10 minutes if there was demand for it.