HostNameLookups
off
double
available only in Apache 1.3 and above.
on
prior to Apache 1.3.
This directive enables DNS lookups so that host names can be
logged (and passed to CGIs/SSIs in REMOTE_HOST
). The
value double
refers to doing double-reverse DNS. That
is, after a reverse lookup is performed, a forward lookup is then
performed on that result. At least one of the ip addresses in the
forward lookup must match the original address. (In "tcpwrappers"
terminology this is called PARANOID
.)
Regardless of the setting, when
mod_access is used for controlling access by hostname, a double
reverse lookup will be performed. This is necessary for security.
Note that the result of this double-reverse isn't generally
available unless you set HostnameLookups double
. For
example, if only HostnameLookups on
and a request is
made to an object that is protected by hostname restrictions,
regardless of whether the double-reverse fails or not, CGIs will
still be passed the single-reverse result in
REMOTE_HOST
.
The default for this directive was previously on
in versions of Apache prior to 1.3. It was changed to
off
in order to save the network traffic for those sites
that don't truly need the reverse lookups done. It is also better
for the end users because they don't have to suffer the extra
latency that a lookup entails. Heavily loaded sites should leave
this directive off
, since DNS lookups can take
considerable amounts of time. The utility logresolve,
provided in the /support directory, can be used to look up
host names from logged IP addresses offline.