How to disable reverse DNS lookup in SSH

SSH servers often pause before displaying a login prompt because of reverse DNS lookups on connecting source addresses. On busy or misconfigured networks this lookup can stall for several seconds, causing noticeable delays for interactive sessions and automated tools.

The OpenSSH daemon sshd reads the /etc/ssh/sshd_config configuration file and, by default, performs a reverse DNS query for each incoming IP address. The UseDNS directive controls this behavior: with UseDNS yes, sshd resolves the client address and verifies that the hostname maps back to the same IP; with UseDNS no, the daemon skips the reverse lookup and proceeds directly to authentication.

Changing UseDNS affects how log entries record client hostnames and slightly reduces the cross-checking performed on remote addresses. Environments that already rely on firewall rules, key-based authentication, and logging by IP usually lose little by disabling reverse DNS, but configuration edits in /etc/ssh/sshd_config always carry a risk of disrupting remote access if syntax errors are introduced. Applying the change with sudo privileges, validating the configuration, and restarting sshd in a controlled way keeps access reliable.

UseDNS
Specifies whether sshd(8) should look up the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address. The default is “yes”.

Steps to disable reverse DNS lookup in SSH:

Open a terminal on the SSH server with an account that has sudo privileges.
```
$ whoami
user
```
Open the OpenSSH daemon configuration file /etc/ssh/sshd_config in a text editor.
```
$ sudo vi /etc/ssh/sshd_config
```
Any preferred editor such as vi, nano, or vim can be used to edit /etc/ssh/sshd_config.
Search inside the configuration file for an existing UseDNS directive.

In vi, use /UseDNS to jump to the directive if it already exists.
Uncomment the UseDNS directive and set its value to no to disable reverse DNS lookups.
```
UseDNS no
```
Add the line if it does not exist and remove any leading # character if the directive is commented out.
Save the configuration file after updating the directive.

For vi, use :w to write changes to disk before closing the editor.
Validate the updated sshd configuration syntax before restarting the service.
```
$ sudo sshd -t
```
Syntax errors in /etc/ssh/sshd_config can prevent sshd from starting, which may block new SSH logins until the error is corrected locally.

Related: How to check and validate the SSH server configuration
Restart the SSH daemon to apply the updated settings.
```
$ sudo systemctl restart ssh
```
Some distributions use the service name sshd instead of ssh; adjust the command accordingly. Related: How to manage the SSH server service with systemctl in Linux
Confirm that the effective configuration reports reverse DNS lookup as disabled.
```
$ sudo sshd -T | grep usedns
usedns no
```
The sshd -T output shows the merged configuration after applying all included files and defaults, ensuring the UseDNS setting is active.
Optionally verify a faster login from a remote client after disabling reverse DNS lookup.
```
$ ssh user@host.example.net
user@host:~$
```
With reverse DNS lookups disabled, the SSH login banner typically appears more quickly on networks with slow or unreliable DNS.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.