soren625 03-09-2005 09:11 AM

iptables DNS reverse lookups
When I do iptables -L, iptables looks up each IP address to resolve it to its domain name. Is there a way to disable this? It seems slow, and I don't have a need for it.


Technoslave 03-09-2005 10:34 AM

iptables --help

Look at the 11th line from the bottom.

soren625 03-09-2005 12:01 PM

So, is this option used when starting the iptables service? Or is it only used with the -L option and such? Or is it used when creating a rule?

I just don't want to be banging away at DNS servers for every packet when I don't need to be.

Technoslave 03-09-2005 03:08 PM

Yeah, whenever I want to look at my iptables listing, I use iptables -L -n. It has more to do with not wanting to wait for addresses to resolve than with worrying about pinging DNS servers.

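The numeric listing that iptables -L -n -v produces is what you want to keep for records or feed into scripts, because every source and destination is a literal address rather than the result of a reverse lookup. The following parser is an added example, not code from this thread or from the iptables project. It reads a constructed sample of iptables -L -n -v output (the counter values, chain names and rules are invented), rebuilds each chain with its policy, counters and rules, and includes a check that flags a listing taken without -n (where "anywhere" or a hostname appears instead of an address), since such a listing cannot be trusted as an exact record of the rules.

```python
import ipaddress
import re

# Constructed sample of `iptables -L -n -v` output; not captured from a real host.
SAMPLE_LISTING = """\
Chain INPUT (policy DROP 12 packets, 960 bytes)
 pkts bytes target     prot opt in     out     source               destination
  340 24680 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 1200   98K ACCEPT     tcp  --  eth0   *       192.168.1.0/24       0.0.0.0/0            tcp dpt:22
   15  1000 DROP       all  --  eth0   *       10.0.0.5             0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 5000 packets, 400000 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain LOGDROP (2 references)
 pkts bytes target     prot opt in     out     source               destination
    3   180 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4
    3   180 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

# Constructed sample of the same listing taken WITHOUT -n: addresses were
# replaced by names by reverse DNS, so the exact networks are lost.
NAMED_LISTING = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    1    60 DROP       all  --  eth0   *       anywhere             anywhere
"""

CHAIN_RE = re.compile(
    r"^Chain (\S+) \((?:policy (\S+) (\d+) packets, (\d+) bytes|(\d+) references)\)$"
)

# iptables -v abbreviates large counters with K/M/G (multiples of 1000);
# pass -x as well if you need exact values.
_SUFFIX = {"K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}


def _count(token):
    """Turn a -v counter token such as '98K' or '1000' into an int."""
    if token[-1] in _SUFFIX:
        return int(token[:-1]) * _SUFFIX[token[-1]]
    return int(token)


def parse_listing(text):
    """Parse `iptables -L -n -v` output into {chain: {policy, counters, rules}}."""
    chains = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CHAIN_RE.match(line)
        if m:
            name, policy, pkts, nbytes, refs = m.groups()
            current = {"policy": policy, "rules": []}
            if policy:  # built-in chain: carries the policy counters
                current["policy_pkts"] = int(pkts)
                current["policy_bytes"] = int(nbytes)
            else:       # user-defined chain: carries a reference count
                current["references"] = int(refs)
            chains[name] = current
            continue
        if line.startswith("pkts bytes"):
            continue  # column header printed under every chain
        if current is None:
            raise ValueError("rule line before any chain header: " + line)
        fields = line.split()
        if len(fields) < 9:
            raise ValueError("unexpected rule line: " + line)
        pkts, nbytes, target, prot, opt, in_if, out_if, src, dst = fields[:9]
        current["rules"].append({
            "pkts": _count(pkts), "bytes": _count(nbytes), "target": target,
            "prot": prot, "opt": opt, "in": in_if, "out": out_if,
            "source": src, "destination": dst,
            "extra": " ".join(fields[9:]),  # match options, e.g. 'tcp dpt:22'
        })
    return chains


def listing_is_numeric(chains):
    """True if every source/destination is a literal address or CIDR, i.e. the
    listing was taken with -n. A leading '!' marks a negated match and is
    not part of the address."""
    for chain in chains.values():
        for rule in chain["rules"]:
            for key in ("source", "destination"):
                try:
                    ipaddress.ip_network(rule[key].lstrip("!"), strict=False)
                except ValueError:
                    return False
    return True


def hits_by_target(chains):
    """Sum the packet counters per target across all chains."""
    totals = {}
    for chain in chains.values():
        for rule in chain["rules"]:
            totals[rule["target"]] = totals.get(rule["target"], 0) + rule["pkts"]
    return totals


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    print("numeric listing:", listing_is_numeric(parsed))
    print("packets per target:", hits_by_target(parsed))
    print("without -n, numeric:", listing_is_numeric(parse_listing(NAMED_LISTING)))
```

On a real host you would feed it the output of iptables -L -n -v (run as root), or iptables -L -n -v -x when you need the counters unabbreviated; iptables-save is the other listing form that never goes through DNS.
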
soren625 03-09-2005 04:48 PM

So (this may be a stupid question), iptables doesn't try to resolve for each incoming packet, does it?

Technoslave 03-10-2005 10:08 AM

As far as I know, it doesn't. What it probably does is, when iptables is started up, resolve any DNS-type names it has, get the IP for each, cache that entry, and use that.

soren625 03-10-2005 11:06 AM

OK, thanks for the help.

