2

I have a problem with rsyslogd using DNS to PTR-resolve each remote host's name.

Is there a way to use '/etc/hosts' to do the same job and disable resolution using DNS?

dzhivkov

1 Answer

1

You could do that by ensuring the hosts entry in nsswitch.conf is configured as hosts files dns, meaning it will look at /etc/hosts first, and then DNS.

EDIT: As mentioned by @ThomasN below, this impacts more than just rsyslog, and you probably want to think about that approach before picking it.

But that may not be quite right:

  • if you actually want the resolution to happen, you might want to consider installing a local, caching resolver (could be dnsmasq, pdns-resolver, unbound, or any number of alternatives), and configure very long TTLs on the domains in question (if that is possible with your chosen server).

  • if you don't want resolution of those domains (or not from rsyslog, at least), then you can disable DNS in two ways (using command line switches):

    1. -Q disables DNS lookups during ACL processing, meaning all your network ACLs will need to be fromhost-ip-based.
    2. -x disables DNS for 'remote messages' (not completely clear what that means, beyond I guess that the remote host's domain name is not resolved at any point).

Most people seem to end up using both these flags together, but as mentioned above, this does impact your config. See https://linux.die.net/man/8/rsyslogd for more.

iwaseatenbyagrue
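A check for the two settings described in the answer above, as an added example that is not part of the original answer: it reads the hosts line of an nsswitch.conf and reports whether the -x and -Q switches appear in an rsyslogd option string. The function names, the sample file contents and the option string are constructed for illustration.

```shell
#!/bin/sh
# Added example. File contents and option strings below are constructed samples.

# Print the sources on the "hosts:" line of an nsswitch.conf, in lookup order.
# Comments and [STATUS=action] items are dropped.
hosts_order() {
    sed -n -e 's/#.*//' -e 's/\[[^]]*\]//g' \
        -e 's/^[[:space:]]*hosts:[[:space:]]*//p' "$1" |
        awk 'NF { $1 = $1; print; exit }'
}

# Succeed only if "files" (/etc/hosts) is consulted before "dns".
files_before_dns() {
    pos=0; files_at=0; dns_at=0
    for src in $(hosts_order "$1"); do
        pos=$((pos + 1))
        if [ "$src" = files ] && [ "$files_at" -eq 0 ]; then files_at=$pos; fi
        if [ "$src" = dns ] && [ "$dns_at" -eq 0 ]; then dns_at=$pos; fi
    done
    [ "$files_at" -gt 0 ] || return 1
    [ "$dns_at" -eq 0 ] || [ "$files_at" -lt "$dns_at" ]
}

# Report which of the DNS-related switches (-x, -Q) appear as separate
# tokens in an rsyslogd option string.
dns_flags() {
    found=""
    for tok in $1; do
        case $tok in
            -x|-Q) found="$found $tok" ;;
        esac
    done
    echo "${found# }"
}

# Demo on a constructed nsswitch.conf and a constructed option string.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd: files
hosts:  files [NOTFOUND=continue] dns   # constructed sample line
EOF
echo "lookup order: $(hosts_order "$sample")"
if files_before_dns "$sample"; then echo "/etc/hosts is consulted before DNS"; fi
echo "rsyslogd DNS switches set: $(dns_flags '-n -x -Q')"
rm -f "$sample"
```

To audit a real host, pass /etc/nsswitch.conf to `files_before_dns` and the options the running rsyslogd was started with to `dns_flags`.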