Bug 820876

Summary: vsftpd DNS lookup cannot be disabled
Product: Red Hat Enterprise Linux 6 Reporter: Sebastien Caps <sebastien.caps>
Component: vsftpdAssignee: Jiri Skala <jskala>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.2CC: aglotov, ovasik
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-05-11 10:15:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Sebastien Caps 2012-05-11 09:30:33 UTC
Description of problem:
vsftpd DNS lookup cannot be disabled.
This bug have been resolv in 5.x with the option 'reverse_lookup_enable'
but in 6.2 this option is no longer available

https://rhn.redhat.com/errata/RHBA-2009-1282.html :
...
* the DNS reverse lookup feature was implemented without any way to disable
it. This update contains the parameter 'reverse_lookup_enable', which
allows users to enable or disable the DNS reverse lookup functionality.
(BZ#498548) 
...
Version-Release number of selected component (if applicable):
rpm -qi vsftpd
Name : vsftpd Relocations: (not relocatable)
Version : 2.2.2 
Release : 6.el6_2.1

How reproducible:
ALWAYS
Steps to Reproduce:
1. having 2(or more) nameserver in /etc/resolv.conf that is NOT reachable
2. and then try to connect to the ftp server.
  
Actual results:
Connection timed out

Expected results:
Connection succesfull

Additional info:
trying with "reverse_lookup_enable=NO"
service vsftpd restart
Shutting down vsftpd: [FAILED]
Starting vsftpd for vsftpd: 500 OOPS: unrecognised variable in config file: reverse_lookup_enable
                                                           [FAILED]

Comment 2 Jiri Skala 2012-05-11 10:15:57 UTC
The fix will be available in the next update 6.3.

*** This bug has been marked as a duplicate of bug 752954 ***