Apache httpd won't stop doing reverse DNS requests for clients' IPs
Obviously my Apache httpd instance is doing reverse DNS (RDNS, give me the hostname for this IP address) lookups for each incoming client connection's IP address. This is bad. Especially since sometimes resolution fails with a missing PTR record - after 28secs.
Diagnostics: I added %D to my "combined" log style and looked at the response times this way: Clearly <1s for all those that are logged with their hostname and 20+s for those that get their IP logged.
This is what I tried:
- Turn off the
server-statusextension. - Check that
HostnameLookups Offis in the config. - Check that
mod_accessis not given any hostname in anAllow/Denyrule. - Check that reverse proxied servers follow the same rules.
What have I missed?
It seems the standard Ubuntu 8.04 Apache httpd install comes with a LogFormat that starts with %h and that does a client IP's RDNS lookup. Why oh why?? Replacing it with %a (remote IP address, see custom log formats) reduces this problem by ca. 90%. Some remain...
Have you verified HostnameLookups is not set in any other directive?
Have you activated the module mod_authz_host?
I stumbled over the same problem and I discovered another source of reverse lookups: the applications themselves! PHP has the gethostbyaddr() function:
http://php.net/manual/en/function.gethostbyaddr.php