Pro tip: set `UseDNS no` in your sshd_config to disable reverse DNS lookups for every single ssh connection to your host.
-
Pro tip: set `UseDNS no` in your sshd_config to disable reverse DNS lookups for every single ssh connection to your host.
It provides no filtering or validation purpose, afaik, and seems to only generate excess DNS traffic.
This lesson brought to you by the 66k DNS lookups in the past 24hrs from a single public facing forgejo jail.
-
@BastilleBSD Mostly harmless, but you should be aware it also switches off DNS lookups for Match Host directives.
UseDNS Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for the remote IP address maps back to the very same IP address.
If this option is set to no, then only addresses and not host names may be used in ~/.ssh/authorized_keys from and sshd_config Match Host directives. The default is “yes”.
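A pre-flight check for the caveat in the reply above, as an added example (not code from the thread or from OpenSSH): it lists `Match Host` criteria and `from=` key options that name hosts rather than addresses, which per the quoted man page text can no longer be used once `UseDNS no` is set. The function names, sample config and sample keys are constructed for illustration, and the address test is a heuristic.

```python
import re
import shlex

IPV4 = re.compile(r'^[0-9.*?]+(/[0-9]+)?$')                # 192.0.2.*, 10.0.0.0/8, *
IPV6 = re.compile(r'^(?=.*:)[0-9A-Fa-f:.*?]+(/[0-9]+)?$')  # 2001:db8::/32
FROM_OPT = re.compile(r'(?:^|,)\s*from="([^"]*)"', re.IGNORECASE)

def hostname_patterns(pattern_list):
    """Return the entries of a comma-separated pattern list that are host names."""
    names = []
    for pat in pattern_list.split(','):
        pat = pat.strip().lstrip('!')  # '!' negates a pattern, it does not change its type
        if pat and not (IPV4.match(pat) or IPV6.match(pat)):
            names.append(pat)
    return names

def audit_sshd_config(text):
    """(line number, host-name patterns) for each Match line with a Host criterion."""
    findings = []
    for num, line in enumerate(text.splitlines(), 1):
        tokens = shlex.split(line, comments=True)
        if not tokens or tokens[0].lower() != 'match':
            continue
        criteria = tokens[1:]
        for keyword, value in zip(criteria[::2], criteria[1::2]):
            names = hostname_patterns(value) if keyword.lower() == 'host' else []
            if names:
                findings.append((num, names))
    return findings

def audit_authorized_keys(text):
    """(line number, host-name patterns) for each key whose from= option names hosts."""
    findings = []
    for num, line in enumerate(text.splitlines(), 1):
        match = None if line.lstrip().startswith('#') else FROM_OPT.search(line.strip())
        names = hostname_patterns(match.group(1)) if match else []
        if names:
            findings.append((num, names))
    return findings

# Constructed sample input (not taken from any real host).
SSHD_SAMPLE = """UseDNS no
# constructed sample
Match Host *.corp.example.org,!bastion.example.org User deploy
    AllowTcpForwarding no
Match Address 192.0.2.0/24
    PasswordAuthentication no
Match Host 198.51.100.*
    X11Forwarding no
"""
KEYS_SAMPLE = """from="*.example.org,192.0.2.10",no-pty ssh-ed25519 AAAAC3constructed alice@laptop
from="2001:db8::/32" ssh-ed25519 AAAAC3constructed bob@desk
ssh-ed25519 AAAAC3constructed carol@phone
"""

if __name__ == "__main__":
    print(audit_sshd_config(SSHD_SAMPLE), audit_authorized_keys(KEYS_SAMPLE))
```

Any line it reports should be rewritten as a `Match Address` criterion or an address-based `from=` pattern before the option is changed.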