[lug] Re: Virtual Hosting
John Hernandez
John.Hernandez at noaa.gov
Wed Mar 14 15:25:44 MST 2001
Given our hypothetical scenario (where there is not a 1-to-1 mapping of name-to-address, rather a many-to-1 mapping), you're basically forced to pick one of those names for reverse lookup purposes, aren't you? What would be the alternative?
A typical client app provides an IP address to the server upon connection (in the form of an IP source address). The order of lookups (for a paranoid server) is then address -> name, and then resulting-name -> address, not the other way around as you suggested. Servers are generally happy when address(in) == address(out), as you correctly stated, but that condition is satisfied by setting your PTR RR value to any one of the set of valid A RR keys.
rm at mamma.varadinet.de wrote:
>
> On Wed, Mar 14, 2001 at 12:18:05PM -0700, John Hernandez wrote:
> > For the purpose of reverse DNS lookup, you can generally pick any of the valid A RR keys for a particular IP address. As long as a reverse -> forward lookup yields a result (IP address) equivalent to your initial input, services configured to be paranoid should be satisfied.
>
> I would actually advise _against_ picking any A records for setting
> up reverse lookups. Some services get really upset if the reverse
> lookup yields strange results (esp. if they do double lookup for
> security reasons name->address and then address->name. If the address
> that comes out at the end doens't match the initial one you might
> have a problem). Most of the java VMs embedded in browsers will
> only allow an applet to request an URL if the host part of the
> URL is the same as the hopst part of the applets URL. It's easy
> to imagine what happens when a cautious security manager starts
> interacting with strange reverse lookups.
>
> Ralf
>
> >
> > -John
> >
> > Justin wrote:
> > >
> > > In BIND 8.2.x the only file that relates to what you're talking about
> > > is your reverse zone file. It's the file that maps the ip's back to
> > > specific A record host names. As far as virtual hosting I don't believe
> > > you can have a file like this for virtual use. After all, virtual hosts
> > > don't really have their own ip address, they map back to another
> > > machines A record ip address. Which, in turn, that ip address must
> > > reverse lookup to it's respective host as defined by that A record. I
> > > think this stuff is in a BIND RFC somewhere, but I'm sure. I also may
> > > be way off here, but this has been my understanding since I can
> > > remember...
> > >
> > > Justin
> > >
> > > > It was my understanding that all the virtual hosts are listed in one
> > > > file and that file is pointed back to the server IP. Maybe it
> > > > involves the $INCLUDE directive?
> > > >
> > > > Note: When you reply to this message, please include the mailing
> > > > list/newsgroup address in Cc: and my email address in To:.
> > > >
> > > > *********************************************************************
> > > > Signed,
> > > > SoloCDM
> > > > _______________________________________________
> > > > Web Page: http://lug.boulder.co.us
> > > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > > >
> > > >
> > >
> > > -----
> > > glow at jackmoves.com
> > > www.jackmoves.com
> > > _______________________________________________
> > > Web Page: http://lug.boulder.co.us
> > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > _______________________________________________
> > Web Page: http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
More information about the LUG
mailing list