iptables DNS reverse lookups

soren625 · 03-09-2005, 08:11 AM

When I do

Code:

iptables -L

, iptables looks up each ip address to resolve it to its domain name. Is there a way to disable this? It seems slow, and I don't have a need for it.

Thanks

Technoslave · 03-09-2005, 09:34 AM

iptables --help

Look at the 11th line from the bottom.

soren625 · 03-09-2005, 11:01 AM

so, is option used when starting the iptables service? Or is it only used when using the -L option and such? Or is it used when creating a rule?

I just don't want to be banging away at DNS servers for every packet when I don't need to be.

Technoslave · 03-09-2005, 02:08 PM

Yeah, whenever I want to look at my iptables listing, I use iptables -L -n, it has more to do with not wanting to wait for resolving of addresses than it does for worrying about pinging DNS servers.

soren625 · 03-09-2005, 03:48 PM

So, (this may be a stupid question) iptables doesn't try to resolve for each incoming packet does it?

Technoslave · 03-10-2005, 09:08 AM

As far as I know, it doesn't. What it probably does is when iptables is started up it will resolve any DNS type names that it has, get the IP for it and cache that entry and use that.

soren625 · 03-10-2005, 10:06 AM

OK, thanks for the help.