From owner-freebsd-security Thu Nov 18 10:30:52 1999 Delivered-To: freebsd-security@freebsd.org Received: from megaweapon.zigg.com (megaweapon.zigg.com [206.114.60.8]) by hub.freebsd.org (Postfix) with ESMTP id 05D9E154C7 for ; Thu, 18 Nov 1999 10:30:39 -0800 (PST) (envelope-from matt@zigg.com) Received: from localhost (matt@localhost) by megaweapon.zigg.com (8.9.3/8.9.3) with ESMTP id NAA21260; Thu, 18 Nov 1999 13:31:23 -0500 (EST) (envelope-from matt@zigg.com) Date: Thu, 18 Nov 1999 13:31:23 -0500 (EST) From: Matt Behrens To: Matthew Dillon Cc: David G Andersen , freebsd-security@FreeBSD.ORG, bsd@a.servers.aozilla.com, matt Subject: Re: [Systalk] localhost.org (fwd) In-Reply-To: <199911181812.KAA86247@apollo.backplane.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Today, Matthew Dillon wrote: : You can't map domain.com's IP address to the host's real IP address : and have the reverse be domain.com ... for the host's real IP address : the reverse must match the hostname, host.domain.com. But you *can* : assign two IP addresses to the host (i.e. use an IP alias), making : the IP alias resolve to domain.com both forward and reverse while the : primary IP for the host resolves properly to host.domain.com both : forward and reverse. Strictly speaking, this isn't a practical problem. Situations where reverse and forward lookups must match (i.e. when using TCP wrappers) operate by (a) having an IPv4 address (b) reverse-lookupping it (c) forward-lookupping the result of the reverse lookup. If you assign multiple A records to a single domain name, you are breaking spec, but it doesn't cause any practical problems (presently...) Matt Behrens Owner/Administrator, zigg.com Chief Engineer, Nameless IRC Network To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message