Disabling reverse resolution of the client DNS name in telnet and ssh

公西飞鸾
2023-12-01

You can disable reverse DNS lookups for all incoming telnet connections by putting this as the first uncommented line in /etc/hosts.allow:

in.telnetd: ALL

You can also be more selective, so that reverse lookups happen only for certain hosts:

in.telnetd: 137.22.

The reason reverse DNS lookups happen at all is that the TCP Wrappers are trying to find out whether access is allowed, and collect whatever information they need to decide this: the ALL: PARANOID rule in /etc/hosts.deny denies access to machines without a resolvable DNS name, so if the wrappers get that far in deciding whether to grant access, a reverse DNS query is generated. The suggested lines in /etc/hosts.allow let the TCP Wrappers decide to grant a host telnet access before reaching that rule, so a reverse DNS query is never needed.

For SSH

Edit the /etc/ssh/sshd_config file and add the following option:

UseDNS no

To remove DNS lookups completely, you also have to pass the -u0 option when starting the sshd server. You can add this option to /etc/default/ssh, /etc/sysconfig/sshd or wherever is suitable for your distribution.
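The following audit script is an added example, not part of the original post: it checks the three settings above (the first uncommented line of hosts.allow, the effective UseDNS value in sshd_config, and -u0 in the sshd startup options) against constructed sample files written to a temporary directory, so it touches nothing on the real system. The SSHD_OPTS variable name is Debian's; the sample file names and contents are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): audit helpers for the settings
# described above. Every file below is a constructed sample written to a
# temporary directory, so nothing on the real system is read or changed.

# Print the first line of a file that is neither blank nor a comment.
first_active_line() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' | head -n 1
}

# Exit 0 if the first active line of a hosts.allow file is "in.telnetd: ALL",
# i.e. tcpd grants telnet before it ever reaches ALL: PARANOID in hosts.deny.
# Whitespace around the colon is normalised because tcpd accepts it.
telnet_skips_reverse_dns() {
    line=$(first_active_line "$1" |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; s/[[:space:]]*:[[:space:]]*/: /')
    [ "$line" = "in.telnetd: ALL" ]
}

# Print the effective UseDNS value from an sshd_config. sshd uses the first
# value it obtains for a keyword, so the first uncommented match wins; print
# "unset" when the file does not set the keyword at all.
effective_usedns() {
    val=$(grep -i '^[[:space:]]*UseDNS[[:space:]]' "$1" | head -n 1 |
        awk '{print tolower($2)}')
    if [ -n "$val" ]; then printf '%s\n' "$val"; else echo unset; fi
}

# Exit 0 if a Debian-style /etc/default/ssh passes -u0 to sshd via SSHD_OPTS
# (the variable name is Debian's; other distributions use their own).
# With -u0 only dotted-decimal addresses go into utmp, so sshd does not
# look the client name up for that purpose.
sshd_started_with_u0() {
    grep -E '^[[:space:]]*SSHD_OPTS=.*-u0' "$1" >/dev/null
}

# --- constructed samples ---
SAMPLE_DIR=$(mktemp -d)

cat >"$SAMPLE_DIR/hosts.allow.good" <<'EOF'
# constructed sample: telnet is granted to everyone before any PARANOID rule
in.telnetd: ALL
sshd: 10.0.0.
EOF

cat >"$SAMPLE_DIR/hosts.allow.partial" <<'EOF'
# constructed sample: only 137.22.x.x is granted here; other clients fall
# through to hosts.deny, where ALL: PARANOID forces a reverse lookup
in.telnetd: 137.22.
EOF

cat >"$SAMPLE_DIR/sshd_config.good" <<'EOF'
# constructed sample
Port 22
UseDNS no
EOF

cat >"$SAMPLE_DIR/sshd_config.unset" <<'EOF'
# constructed sample: the keyword is only present as a comment
#UseDNS yes
Port 22
EOF

cat >"$SAMPLE_DIR/default-ssh" <<'EOF'
# constructed sample of a Debian-style /etc/default/ssh
SSHD_OPTS="-u0"
EOF

# --- report ---
for f in "$SAMPLE_DIR"/hosts.allow.*; do
    if telnet_skips_reverse_dns "$f"; then
        echo "$f: all telnet clients granted before ALL: PARANOID (no reverse lookup)"
    else
        echo "$f: unmatched telnet clients reach hosts.deny and get looked up"
    fi
done
for f in "$SAMPLE_DIR"/sshd_config.*; do
    echo "$f: UseDNS is $(effective_usedns "$f")"
done
if sshd_started_with_u0 "$SAMPLE_DIR/default-ssh"; then
    echo "sshd is started with -u0: no host name lookups for utmp"
fi
```

To audit a live host, point the three functions at the real /etc/hosts.allow, /etc/ssh/sshd_config and startup-options file instead of the samples; the functions only read the files they are given.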

Notes:

Reverse DNS lookups are not made by telnetd but by tcpd.

man tcpd

HOST NAME VERIFICATION
  The authentication scheme of some protocols (rlogin,  rsh)
  relies  on  host  names.  Some implementations believe the
  host name that they get from any random name server; other
  implementations  are  more  careful but use a flawed
  algorithm.

  tcpd verifies the client host name that is returned by the
  address->name  DNS  server by looking at the host name and
  address that are returned by the name->address DNS server.
  If  any discrepancy is detected, tcpd concludes that it is
  dealing with a host that pretends to  have  someone  else's
  host name.
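The verification the man page describes, simulated as an added example that is neither the original post's nor tcpd's code: instead of real DNS queries it uses a constructed table of PTR and A records, so it runs offline, and the address and host names in it are made up. The logic is the PARANOID decision itself: resolve address to name, resolve that name back to its addresses, and treat a missing name or a name that does not map back as a discrepancy.

```shell
#!/bin/sh
# Added example (not from the original post or from tcpd): a simulation of
# tcpd's host name verification. Real tcpd calls gethostbyaddr() and then
# gethostbyname(); the two constructed tables below stand in for both.

# Constructed PTR records: "address name"
PTR_TABLE='10.1.1.5 mail.example.test
10.1.1.6 spoof.example.test
10.1.1.7 multi.example.test'

# Constructed A records: "name address" (a name may have several addresses)
A_TABLE='mail.example.test 10.1.1.5
spoof.example.test 192.0.2.99
multi.example.test 10.1.1.7
multi.example.test 10.1.1.8'

# address->name: print the PTR name for an address, or nothing.
ptr_lookup() {
    printf '%s\n' "$PTR_TABLE" | awk -v a="$1" '$1 == a {print $2}'
}

# name->address: print every A record for a name, one per line.
a_lookup() {
    printf '%s\n' "$A_TABLE" | awk -v n="$1" '$1 == n {print $2}'
}

# Mirror of tcpd's check for one client address. Exit 0 and print the
# verified name when address->name->address agrees; exit 1 (the PARANOID
# case) when the name is missing or none of its addresses is the client.
paranoid_check() {
    addr=$1
    name=$(ptr_lookup "$addr")
    if [ -z "$name" ]; then
        echo "PARANOID: $addr has no reverse name" >&2
        return 1
    fi
    for back in $(a_lookup "$name"); do
        if [ "$back" = "$addr" ]; then
            printf '%s\n' "$name"
            return 0
        fi
    done
    echo "PARANOID: $addr claims $name, but $name does not resolve back to it" >&2
    return 1
}

# Walk the sample clients: a consistent host, a forged PTR, a multi-homed
# host, and an address with no PTR at all.
for client in 10.1.1.5 10.1.1.6 10.1.1.7 10.1.1.9; do
    if verified=$(paranoid_check "$client"); then
        echo "$client -> $verified: name verified, access rules may use it"
    else
        echo "$client -> would be denied by ALL: PARANOID"
    fi
done
```

Each check costs one reverse and one forward query per connection, which is exactly the traffic the hosts.allow and UseDNS settings above avoid by deciding access before this point is reached.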