From owner-freebsd-security Thu Nov 18 12: 4:43 1999 Delivered-To: freebsd-security@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id 7B7C815490 for ; Thu, 18 Nov 1999 12:04:28 -0800 (PST) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id MAA25442; Thu, 18 Nov 1999 12:02:59 -0800 (PST) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <199911182002.MAA25442@gndrsh.dnsmgr.net> Subject: Re: [Systalk] localhost.org (fwd) In-Reply-To: from Matt Behrens at "Nov 18, 1999 01:31:23 pm" To: matt@zigg.com (Matt Behrens) Date: Thu, 18 Nov 1999 12:02:58 -0800 (PST) Cc: dillon@apollo.backplane.com (Matthew Dillon), danderse@cs.utah.edu (David G Andersen), freebsd-security@FreeBSD.ORG, bsd@a.servers.aozilla.com, matt@BabCom.ORG (matt) X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Today, Matthew Dillon wrote: > > : You can't map domain.com's IP address to the host's real IP address > : and have the reverse be domain.com ... for the host's real IP address > : the reverse must match the hostname, host.domain.com. But you *can* > : assign two IP addresses to the host (i.e. use an IP alias), making > : the IP alias resolve to domain.com both forward and reverse while the > : primary IP for the host resolves properly to host.domain.com both > : forward and reverse. > > Strictly speaking, this isn't a practical problem. Situations > where reverse and forward lookups must match (i.e. when using TCP > wrappers) operate by (a) having an IPv4 address (b) reverse-lookupping > it (c) forward-lookupping the result of the reverse lookup. > If > you assign multiple A records to a single domain name, you are > breaking spec, but it doesn't cause any practical problems > (presently...) That is not correct, infact assigning multiply A records to a given domain is _IN_ spec: gndrsh:root {1098}# host br1.dnsmgr.net br1.dnsmgr.net has address 198.145.92.125 br1.dnsmgr.net has address 198.145.92.1 gndrsh:root {1099}# host br1.chatusa.com br1.chatusa.com has address 206.163.33.174 br1.chatusa.com has address 209.222.137.174 br1.chatusa.com has address 209.222.137.177 br1.chatusa.com has address 209.222.137.14 br1.chatusa.com has address 206.251.69.1 br1.chatusa.com has address 206.251.92.2 br1.chatusa.com has address 206.163.33.14 gndrsh:root {1100}# Yes, those are host based routers, yes they really have that many IP interfaces in them, they are after all routers :-) > > Matt Behrens > Owner/Administrator, zigg.com > Chief Engineer, Nameless IRC Network > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message