11

Obviously my Apache httpd instance is doing reverse DNS (RDNS, give me the hostname for this IP address) lookups for each incoming client connection's IP address. This is bad. Especially since sometimes resolution fails with a missing PTR record - after 28secs.

Diagnostics: I added %D to my "combined" log style and looked at the response times this way: Clearly <1s for all those that are logged with their hostname and 20+s for those that get their IP logged.

This is what I tried:

  • Turn off the server-status extension.
  • Check that HostnameLookups Off is in the config.
  • Check that mod_access is not given any hostname in an Allow/Deny rule.
  • Check that reverse proxied servers follow the same rules.

What have I missed?

Paul
  • 1,918
  • 4
  • 18
  • 24

5 Answers5

20

It seems the standard Ubuntu 8.04 Apache httpd install comes with a LogFormat that starts with %h and that does a client IP's RDNS lookup. Why oh why?? Replacing it with %a (remote IP address, see custom log formats) reduces this problem by ca. 90%. Some remain...

Cristian Ciupitu
  • 6,396
  • 2
  • 42
  • 56
Paul
  • 1,918
  • 4
  • 18
  • 24
3

Have you verified HostnameLookups is not set in any other directive? Have you activated the module mod_authz_host?

Christian
  • 4,703
  • 2
  • 24
  • 27
  • Yes I `grep -ri`-ed it all over. `mod_authz_host` is active and no hostnames are used in the Allow/Deny-rules. Now not even with `localhost`. – Paul Jan 06 '10 at 22:39
1

I stumbled over the same problem and I discovered another source of reverse lookups: the applications themselves! PHP has the gethostbyaddr() function:

http://php.net/manual/en/function.gethostbyaddr.php

nalply
  • 1,087
  • 1
  • 10
  • 19
0

I have an apache server behind an NGINX reverse proxy server. Apache server would do a reverse DNS lookup for every request. I tried everything suggested so far, and even went as far as commenting out the log lines, but Apache (or something) was doing reverse DNS lookups (of the NGINX server). I then added the NGINX server in the apache server's /etc/hosts file and no more reverse lookups! While all this was happening Apache would happily forward the remote-ip (of the client) without any lookups. Happy with the workaround, but would love to know how to completely avoid lookup of the same NGINX reverse proxy server, over and over again!

Senthil
  • 101
  • 1
0

Interestingly, I just ran into a similar issue on one of my servers. The problem started right around the time I ran a command-line PHP script that scanned the log files for the top IP addresses. Then I had PHP perform a reverse DNS lookup on each IP address. Right around the time I did this, I noticed that Apache suddenly started dumping hostnames into the logs instead of IP addresses. Switching to %a from %h and restarting Apache seems to have cleared up the problem. HostnameLookups is set to Off. My guess is that Apache just uses locally cached results if there happens to be a reverse lookup for the IP in the cache. Maybe? Either that or this is a bug in the server.