--On onsdag, onsdag 12 mar 2008 15.01.12 -0400 "Yngve N. Pettersen" <[EMAIL PROTECTED]> wrote:
> The problem area can possibly be defined as "How do we determine that two > host names and/or domains within a specific hirearchy are administrated > by the same entity?" . You are, as others no doubt have told you, hammering shut a square leak with a round peg. The ugly hack answer to your question is to ask for the triplet nodename-class-some_unallocated_recordtype and check whether the SOA record returned in the AUTHORITY is identical. (NB: That a "solution" can be devised as above is by no means an endorsement of this practice) Now, this information, since it is used in a security verification context, is useless, even dangerous, without DNSSEC. OTOH, with DNSSEC, you can determine this securely, and the methods are a bit nicer. I remain unconvinced, though, that this is a problem best solved by assuming things about the administrative domain limits that might or might not correlate with the administrative authority structure of the DNS. -- Måns Nilsson Systems Specialist +46 70 681 7204 cell KTHNOC +46 8 790 6518 office MN1334-RIPE I'm also pre-POURED pre-MEDITATED and pre-RAPHAELITE!!
pgpToy8Z5XYKt.pgp
Description: PGP signature
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
