日記/2005/05/08/ProFTPDの認証が時間がかかる

ProFTPDの認証で異常に時間がかかる場合、以下の二つの指示子をoffにする事を検討してみること。

UseReverseDNS off
IdentLookups off

UseReverseDNS :

Normally, incoming active mode data connections and outgoing passive 
 mode data connections have a reverse DNS lookup performed on
 the remote host's IP address. In a chroot environment (such as
  or DefaultRoot), the /etc/hosts file cannot be checked
 and the only possible resolution is via DNS. If for some reason,
 DNS is not available or improperly configured this can result in
 proftpd blocking ("stalling") until the libc resolver code times out.
Disabling this directive prevents proftpd from attempting to
 reverse-lookup data connection IP addresses.

IdentLookups :

Normally, when a client initially connects to proftpd, the ident protocol 
(RFC1413) is used to attempt to identify the remote username. This can be 
controlled via the IdentLookups directive.

実際に試した効果としては、UseReverseDNSのoffよりはIdentLookupのoffの方が劇的な効果があった。(UseReverseDNSの効果が無い、というわけではない)