In my /etc/hosts.deny I have listed several domains of known scanners/bots that do not have good intentions or at least cause senseless traffic by permanently scanning my server.

So one line there, for example, looks like this:

ALL : .privatelayer.com, .hdrn.nu, .internet-census.org, .internet-albedo.net, .onyphe.net, .binaryedge.ninja, .censys-scanner.com, .internet-measurement.com, .internettl.org, .shodan.io, .inspici.com, 88.149.177.205, .hadrian.io

But now when I have a look into /var/log/auth.log, I can find entries like this:

warning: /etc/hosts.deny, line 18: host name/address mismatch: 141.255.166.90 != hostedby.privatelayer.com

Furthermore, the IP 141.255.166.90 is still allowed to access my server; the entry seems to have no effect.

And when I look up this IP, I get the following result:

nslookup 141.255.166.90
90.166.255.141.in-addr.arpa     name = hostedby.privatelayer.com.

So why is it ignoring my entry ".privatelayer.com"? Shouldn't this entry act as a wildcard and cover "hostedby.privatelayer.com" too?

Thanks!

Elmi

1 Answer


I suggest you use a firewall like iptables or firewalld to block incoming traffic instead of adding entries in hosts.deny.

Modern services like nginx, httpd, or custom Node.js applications do not use TCP Wrappers.

The /etc/hosts.deny and /etc/hosts.allow files are part of TCP Wrappers (libwrap), which only work with services compiled to support it, such as sshd, vsftpd, telnetd and xinetd services.
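
Added example (not part of the question or the answer above): the auth.log warning comes from the double-reverse lookup TCP Wrappers performs before applying a hostname pattern. The PTR name is resolved forward again, and if the client address is not among the results the name is discarded, so .privatelayer.com has nothing to match. The Python sketch below models that check on constructed DNS data; the forward records, the second host and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed DNS data, no real lookups. The PTR entry for 141.255.166.90 is the
# one shown in the question; the forward (A) records and the second host are
# assumptions chosen to show both outcomes.
PTR = {"141.255.166.90": "hostedby.privatelayer.com",
       "192.0.2.10": "scan1.example-scanner.test"}
A = {"hostedby.privatelayer.com": ["192.0.2.99"],      # does not list the client
     "scan1.example-scanner.test": ["192.0.2.10"]}     # forward-confirmed

NO_NAME = ("unknown", "paranoid")

def client_name(ip, ptr=PTR, a=A):
    """Return (name usable for hostname patterns, warning or None)."""
    name = ptr.get(ip)
    if name is None:
        return "unknown", None
    if ip not in a.get(name, []):
        # The name is discarded; only address patterns or PARANOID can match now.
        return "paranoid", f"host name/address mismatch: {ip} != {name}"
    return name, None

def pattern_matches(pattern, ip, name):
    """Small subset of the hosts_access(5) client patterns."""
    if pattern == "ALL":
        return True
    if pattern == "PARANOID":
        return name == "paranoid"
    if pattern.startswith("."):                        # domain suffix
        return name not in NO_NAME and name.lower().endswith(pattern.lower())
    if pattern.endswith("."):                          # address prefix
        return ip.startswith(pattern)
    try:
        return ipaddress.ip_address(pattern) == ipaddress.ip_address(ip)
    except ValueError:                                 # exact host name
        return name not in NO_NAME and name.lower() == pattern.lower()

def denied(ip, patterns):
    """Return (denied?, matching patterns, warning that would be logged)."""
    name, warning = client_name(ip)
    hits = [p for p in patterns if pattern_matches(p, ip, name)]
    return bool(hits), hits, warning

if __name__ == "__main__":
    for ip, pats in [("141.255.166.90", [".privatelayer.com"]),
                     ("141.255.166.90", [".privatelayer.com", "141.255.166.90"]),
                     ("192.0.2.10", [".example-scanner.test"])]:
        print(ip, pats, denied(ip, pats))
```

In this model the address from the question is only denied once it is listed by IP or caught by the PARANOID wildcard, because the name-based pattern never sees a usable host name.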