diff --git a/SOURCES/openssh-7.4p1-usedns-yes.patch b/SOURCES/openssh-7.4p1-usedns-yes.patch
new file mode 100644
index 0000000..492e9c0
--- /dev/null
+++ b/SOURCES/openssh-7.4p1-usedns-yes.patch
@@ -0,0 +1,46 @@
+Revert 3cd5103c1e1aaa59bd66f7f52f6ebbcd5deb12f9
+
+diff --git a/servconf.c b/servconf.c
+index 475076bf2..318546290 100644
+--- a/servconf.c
++++ b/servconf.c
+@@ -308,7 +308,7 @@ fill_default_server_options(ServerOptions *options)
+ 	if (options->max_sessions == -1)
+ 		options->max_sessions = DEFAULT_SESSIONS_MAX;
+ 	if (options->use_dns == -1)
+-		options->use_dns = 0;
++		options->use_dns = 1;
+ 	if (options->client_alive_interval == -1)
+ 		options->client_alive_interval = 0;
+ 	if (options->client_alive_count_max == -1)
+diff --git a/sshd_config b/sshd_config
+index e9045bc4d..c9042ac3c 100644
+--- a/sshd_config
++++ b/sshd_config
+@@ -112,7 +112,7 @@ UsePrivilegeSeparation sandbox		# Default for new installations.
+ #ClientAliveInterval 0
+ #ClientAliveCountMax 3
+ #ShowPatchLevel no
+-#UseDNS no
++#UseDNS yes
+ #PidFile /var/run/sshd.pid
+ #MaxStartups 10:30:100
+ #PermitTunnel no
+diff --git a/sshd_config.5 b/sshd_config.5
+index 4fd93d68e..cf57c609f 100644
+--- a/sshd_config.5
++++ b/sshd_config.5
+@@ -1379,10 +1379,12 @@ should look up the remote host name and check that
+ should look up the remote host name, and to check that
+ the resolved host name for the remote IP address maps back to the
+ very same IP address.
++The default is
++.Dq yes .
+ .Pp
+ If this option is set to
+ .Cm no
+-(the default) then only addresses and not host names may be used in
++then only addresses and not host names may be used in
+ .Pa ~/.ssh/authorized_keys
+ .Cm from
+ and
diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec
index 6f417e6..69a8ae4 100644
--- a/SPECS/openssh.spec
+++ b/SPECS/openssh.spec
@@ -64,7 +64,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %define openssh_ver 7.4p1
-%define openssh_rel 11
+%define openssh_rel 12
 %define pam_ssh_agent_ver 0.10.3
 %define pam_ssh_agent_rel 1
 
@@ -237,6 +237,8 @@ Patch953: openssh-7.4p1-sandbox-ppc64le.patch
 Patch954: openssh-7.4p1-ControlPath_too_long.patch
 # sandbox-seccomp for ibmca engine from upstream (#1451809)
 Patch955: openssh-7.4p1-sandbox-ibmca.patch
+# Back to UseDNS=yes by default (#1478175)
+Patch956: openssh-7.4p1-usedns-yes.patch
 
 License: BSD
 Group: Applications/Internet
@@ -484,6 +486,7 @@ popd
 %patch953 -p1 -b .seccomp
 %patch954 -p1 -b .ControlPath
 %patch955 -p1 -b .ibmca
+%patch956 -p1 -b .usedns
 
 %patch200 -p1 -b .audit
 %patch202 -p1 -b .audit-race
@@ -809,6 +812,9 @@ getent passwd sshd >/dev/null || \
 %endif
 
 %changelog
+* Mon Aug 07 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-12 + 0.10.3-1
+- Revert upstream change to UseDNS=no back to yes (#1478175)
+
 * Mon May 22 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-11 + 0.10.3-1
 - Compiler warnings (#1341754)