Lets See Now...
When you connect to a ITAR controled released Server, your Client Software
gives it the hostname
Reverse Lookup - Server does a reverse lookup to get a IP Address
Double Reverse Lookup - Server resolves the IP Address to a Hostname
Triple Reverse lookup - Using the Hostname from the Double Reverse
it does another reverse lookup to see if the IP Addres is the same
as the Reverse Lookup. The Hostname better match as well
These lookups are done via the root Internic DNS servers for the
registered SOA Authoritative record lookups. The reverse lookups
are broken only if the root DNS servers are corrupted
After doing these checks, its resonably sure about the hostname and
the IP address. These are now used to consult the Internic database
to find out where hostname's domain is registered to, and which
geographic region the IP addres belongs
I run into these problems all the time trying to download from
the MIT Server....
Personal Opinions Provided by
Leonard Miyata
aka [EMAIL PROTECTED]
On Mon, 22 Feb 1999, Mike Batchelor wrote:
> Well, first thing - they are lying. Federal regulations do NOT require a
> reverse lookup test, they simply require that the recipient affirms that they
> are a US or Canadian citizen, and the other things.
>
> Second thing - you need to add a PTR record for the firewall's external IP
> address to the DNS. This is likely to be a duty of your ISP, since you
> probably do not have administrative control over the in-addr domain your
> firewall's IP address belongs to. Ask them to do it. But I really don't see
> how this will help the provider of the ITAR software to determine your
> location. Someone in .ru (Russia) can trivially make a PTR record for their
> IP address that claims it belongs to www.microsoft.com, and presumably the
> download site will let 'em have ITAR software all day long! :)
>
> >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
