HostNameLookups


Syntax: HostNameLookups on | off | double
Default: HostNameLookups off
Context: server config, virtual host, directory
Status: core
Compatibility: double available only in Apache 1.3 and above.
Compatibility: Default was on prior to Apache 1.3.

This directive enables DNS lookups so that host names can be logged (and passed to CGIs/SSIs in REMOTE_HOST). The value double refers to doing double-reverse DNS. That is, after a reverse lookup is performed, a forward lookup is then performed on that result. At least one of the ip addresses in the forward lookup must match the original address. (In "tcpwrappers" terminology this is called PARANOID.)

Regardless of the setting, when mod_access is used for controlling access by hostname, a double reverse lookup will be performed. This is necessary for security. Note that the result of this double-reverse isn't generally available unless you set HostnameLookups double. For example, if only HostnameLookups on and a request is made to an object that is protected by hostname restrictions, regardless of whether the double-reverse fails or not, CGIs will still be passed the single-reverse result in REMOTE_HOST.

The default for this directive was previously on in versions of Apache prior to 1.3. It was changed to off in order to save the network traffic for those sites that don't truly need the reverse lookups done. It is also better for the end users because they don't have to suffer the extra latency that a lookup entails. Heavily loaded sites should leave this directive off, since DNS lookups can take considerable amounts of time. The utility logresolve, provided in the /support directory, can be used to look up host names from logged IP addresses offline.