Obviously my Apache httpd instance is doing reverse DNS (RDNS, give me the hostname for this IP address) lookups for each incoming client connection's IP address. This is bad. Especially since sometimes resolution fails with a missing PTR record - after 28secs.
Diagnostics: I added %D to my "combined" log style and looked at the response times this way: Clearly <1s for all those that are logged with their hostname and 20+s for those that get their IP logged.
This is what I tried:
- Turn off the
server-statusextension. - Check that
HostnameLookups Offis in the config. - Check that
mod_accessis not given any hostname in anAllow/Denyrule. - Check that reverse proxied servers follow the same rules.
What have I missed?
It seems the standard Ubuntu 8.04 Apache httpd install comes with a
LogFormatthat starts with%hand that does a client IP's RDNS lookup. Why oh why?? Replacing it with%a(remote IP address, see custom log formats) reduces this problem by ca. 90%. Some remain...Have you verified
HostnameLookupsis not set in any other directive? Have you activated the module mod_authz_host?I stumbled over the same problem and I discovered another source of reverse lookups: the applications themselves! PHP has the
gethostbyaddr()function:http://php.net/manual/en/function.gethostbyaddr.php
Interestingly, I just ran into a similar issue on one of my servers. The problem started right around the time I ran a command-line PHP script that scanned the log files for the top IP addresses. Then I had PHP perform a reverse DNS lookup on each IP address. Right around the time I did this, I noticed that Apache suddenly started dumping hostnames into the logs instead of IP addresses. Switching to %a from %h and restarting Apache seems to have cleared up the problem. HostnameLookups is set to Off. My guess is that Apache just uses locally cached results if there happens to be a reverse lookup for the IP in the cache. Maybe? Either that or this is a bug in the server.