On 16/04/2012 9:55 p.m., Jozsef Kadlecsik wrote:
On Mon, 16 Apr 2012, Ed W wrote:
On 16/04/2012 09:08, Jozsef Kadlecsik wrote:
Hostname and IP address are both supported as input and resolved
internally by getaddrinfo. That can generate DNS lookups, depeding on the
resolver library. What kind of system do you use, with which
resolver/libc version?
Thanks so much for replying!
This is a uclibc 0.9.33.1 system, x86. Resolver chain is /etc/hosts, then dns.
Local dnsmasq is installed.
I can very clearly observe that on something like "ipset add", if I add
something that isn't quite an IP address then it generates a name lookup. What
I'm confused by is why the reverse ip lookup for the ip address? I have
traced it back I think to the parser.c code, but I concede I'm stuck
understanding even what is generating the lookup? You mention resolver, so
presumably it's a side effect of some other call, but could you spare a minute
to explain the trigger please? (just interested in the background in case it
occurs elsewhere?)
That comes from the implementation of "getaddrinfo" in uclibc then. ipset
itself does not force reverse DNS lookups.
FWIW, I have recently been dealing with user complains with other
software when built with uclibc. The uclibc implementation has been
caught ignoring AI_NUMERICHOST and performing full remote resolution
when passed numeric IPs for conversion.
AYJ
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
