# Preventing DNS querying for LAN

## JohnLM

It is known that Linux has this behaviour of querying every passed network address for DNS - peculiarly that includes passed IPs as well, which I wasn't aware of before. (Query IP to get its IP???)

To make things worse, it queries its LAN IPs, which in my eyes poses a security risk if the first DNS server is located outside the LAN.

This came to my attention when using the SSH and FTP protocols on my network while the WAN was disconnected and/or DNS queries were filtered out. As a result, the SSH handshake was slowed down to the timeout of the DNS query, and FTP refused the connection with an address that cannot be queried.

I'd be thankful if anyone explained how to prevent DNS queries for the LAN (for IPs referring to local network devices), a painless way to make sure this is what actually happens, and also why IPs are queried in the first place.

----------

## PaulBredbury

For an ssh server, set in its /etc/ssh/sshd_config:

`UseDNS no`

> Query IP to get its IP???

Are you sure you understand that DNS stands for Domain *NAME* System? It's to look up a name.

----------
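To confirm that the `UseDNS no` setting above is really the value sshd will apply (JohnLM asked for a painless way to check), here is an added Python example; it is not code from the thread or from OpenSSH. It parses sshd_config text the way sshd treats this keyword (comments ignored, keywords case-insensitive, first value obtained wins, Match blocks excluded) and shows why prepending the directive is enough to override a later conflicting line. The sample config texts, the function names, and the `default="no"` used when the keyword is absent are my assumptions.

```python
import re

# Constructed sshd_config excerpt (not from the thread): UseDNS appears only as a comment.
SAMPLE_SSHD_CONFIG = """\
# /etc/ssh/sshd_config
Port 22
#UseDNS yes
PermitRootLogin no
"""

# Constructed excerpt with an active 'UseDNS yes' followed by a Match block.
CONFLICTING_SSHD_CONFIG = """\
UseDNS yes
Match User backup
    PasswordAuthentication no
"""


def effective_usedns(config_text, default="no"):
    """Return the UseDNS value sshd would apply to this config text.

    Rules modelled: '#' starts a comment, keywords are case-insensitive,
    and for each keyword the first value obtained wins. Lines after a
    Match directive belong to that block and are skipped here (UseDNS is
    a global-only keyword). The value returned when the keyword is absent
    is the 'default' argument, an assumption: check sshd_config(5) for
    the default of your OpenSSH version.
    """
    in_match = False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            in_match = True
            continue
        if in_match or len(parts) != 2:
            continue
        if key == "usedns":
            return parts[1].strip().strip('"').lower()
    return default


def ensure_usedns_no(config_text):
    """Return config text whose effective UseDNS is 'no'.

    Because the first value wins, prepending an explicit 'UseDNS no'
    overrides any later 'UseDNS yes' without having to edit that line.
    """
    if effective_usedns(config_text) == "no":
        return config_text
    return "UseDNS no\n" + config_text


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_SSHD_CONFIG),
                       ("conflicting", CONFLICTING_SSHD_CONFIG)):
        print(f"{name}: UseDNS={effective_usedns(text)}")
        print(f"{name} after fix: UseDNS={effective_usedns(ensure_usedns_no(text))}")
```

On a live host the authoritative check is `sshd -T`, which prints the effective configuration, so `sshd -T | grep -i usedns` confirms what the running daemon will use after a reload.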

## krinn

*JohnLM wrote:*

> To make things worse, it queries its LAN IPs, which in my eyes poses a security risk if the first DNS server is located outside the LAN.

 

Every time you're sending packets to someone, your address goes with them in the packets; that's why even without being in a DMZ your computer could still receive answers from others.

So what you think is a security risk is just how TCP works.

And if you want to stop the DNS queries, especially for your own computer, just put its name and IP in /etc/hosts (look at how localhost is set, or read the Gentoo installation manual).

----------

## JohnLM

Sorry for the *really* late answer. My server broke, so misplaced DNS queries were the last thing on my mind.

Anyway, what I did in the end is fill /etc/hosts with the IPs and names for the whole LAN on every machine, which solved most of my DNS problems.

----------
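Following krinn's /etc/hosts suggestion and JohnLM's final fix of filling /etc/hosts on every machine, here is an added Python example that is not code from the thread. It parses a hosts file, checks that the `hosts:` line in nsswitch.conf consults `files` before `dns` (otherwise the entries never get a chance to answer), and lists which known LAN addresses still have no entry and would therefore still trigger a reverse lookup at the upstream resolver. The sample file contents, the LAN range, the device list and the function names are constructed for the example.

```python
import ipaddress

# Constructed /etc/hosts content, standing in for the file filled on every machine.
SAMPLE_HOSTS = """\
127.0.0.1     localhost
::1           localhost
192.168.1.1   gateway.lan    gateway
192.168.1.10  fileserver.lan fileserver
192.168.1.11  desktop.lan    desktop      # constructed comment
"""

# Constructed /etc/nsswitch.conf excerpt with the order that makes /etc/hosts win.
SAMPLE_NSSWITCH = """\
passwd: files
hosts:  files dns
"""

# Constructed inventory of LAN devices; 10.0.0.5 is outside the LAN on purpose.
LAN_CIDR = "192.168.1.0/24"
KNOWN_DEVICES = ["192.168.1.1", "192.168.1.10", "192.168.1.12", "10.0.0.5"]


def parse_hosts(text):
    """Return {ip: [names]} from hosts-file text, ignoring comments and junk lines."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: skip rather than guess
        table.setdefault(str(ip), []).extend(fields[1:])
    return table


def files_before_dns(nsswitch_text):
    """True if the hosts: line lists 'files' ahead of 'dns'; None if no hosts: line."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            sources = line[len("hosts:"):].split()
            if "files" not in sources:
                return False
            if "dns" not in sources:
                return True
            return sources.index("files") < sources.index("dns")
    return None  # absent line: resolver default applies, verify it by hand


def uncovered_lan_ips(hosts_table, lan_cidr, known_devices):
    """LAN addresses with no hosts entry: these still fall through to DNS (PTR query)."""
    net = ipaddress.ip_network(lan_cidr)
    return [ip for ip in known_devices
            if ipaddress.ip_address(ip) in net and ip not in hosts_table]


def hosts_lines_for(missing, names):
    """Render hosts-file lines for the missing addresses from an ip -> name map."""
    return [f"{ip}\t{names[ip]}" for ip in missing if ip in names]


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    print("files before dns:", files_before_dns(SAMPLE_NSSWITCH))
    missing = uncovered_lan_ips(table, LAN_CIDR, KNOWN_DEVICES)
    print("LAN IPs that would still be looked up over DNS:", missing)
    for line in hosts_lines_for(missing, {"192.168.1.12": "printer.lan printer"}):
        print("add to /etc/hosts:", line)
```

Against the real files, read `/etc/hosts` and `/etc/nsswitch.conf` with `open(...).read()` in place of the sample strings; `getent hosts <ip>` consults the same NSS order and is the quick manual check that an address is answered from the file rather than from the network.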

