[BlueOnyx:03764] Re: Slow proftp connections

Christoph Schneeberger cschnee at box.telemedia.ch
Tue Mar 2 11:08:14 -05 2010 

Rickard Osser wrote:
> On Tue, 2010-03-02 at 09:24 -0600, Chris Gebhardt - VIRTBIZ Internet
> wrote:
>   
>> Rickard Osser wrote:
>>     
>>> Hi!
>>>
>>> Do you still have occasional slow connections to ftp on BO?
>>>
>>> I've found out that "IdentLookups off" does not really work in "server
>>> config" but works correctly in "<Global>" as well as in "<VirtualHost>".
>>>
>>> If this is something you've seen or still see, comment on this as I'm
>>> pondering fixing this once and for all now.
>>>
>>> Regards,
>>>
>>> Rickard
>>>       
>> Hi Rickard,
>> I have never seen this as a problem, but we are fortunate to run a very 
>> stable DNS service, and most of the ISP's here are good about providing 
>> PTR's on their networks.
>>
>> However, I can see where it could become a problem if you have many 
>> users without proper reverse-DNS set up.  In that case, the lookups will 
>> have to time-out.  So I can see where disabling that could be helpful.
>>
>>     
> Hi Chris,
>
> it's not UseReverseDNS I'm talking about, it's the old and trustworthy
> auth/identd (tcp/113) which nobody uses anymore as nobody in their right
> mind opens tcp/113 in their firewall. :)
>
> So, the question is, should we force this off or make it optional?
>
>   
I believe the main problem is the difference in how most SoHo- to 
Enterprise-Firewalls as well as "personal Firewalls" handle connections 
to 113: Most of them silently drop the packet instead of rejecting it 
visibly with an ICMP message which would be the proper response in a 
unix-like world and would not cause any delays as if identd would have 
properly replied.
Anyway, as the information from identd is probably never ever used: I 
would vote for disabling lookups completely, I know identd lookups just 
as a source of timeouts and problems, haven't ever used them for 
anything useful in the last 20yrs and I bet thats the same for most 
BO-users and -admins.

1 vote for force to off.

Cheers,
Christoph



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20100302/70a6075c/attachment.html>

More information about the Blueonyx mailing list