hosts

John Summerfied Tue, 01 Nov 2005 04:53:34 -0800

Alan Cox wrote:

On Maw, 2005-11-01 at 17:34 +0800, John Summerfied wrote:

We had a similar issue with Oracle on AIX, it was only a problem with a
multi-homed guest.  In that circumstance oracle defaulted to looking at
the hosts file to know what interface / name itself was.


Is there a problem with uname(2)?



Nothing says uname and DNS names are matching or that uname is a full
name.


And I thought my box where they don't match was misconfigured:-)


Even a single homed host may have multiple names and one of the fun
things with tcp/ip and the like is working out what to use when you send
your address to someone else over a connection. NAT makes it even worse
but thankfully NAT has killed most protocols that do this at all 8)

Convention (and RFC suggestions) say:
        take the lowest non loopback address
        do a reverse lookup on it

In practice that goes wrong with private networks (10.* is generally
lowest).

An interface doesn't have a name any more than a host does, it may
likewise have several.


I haven't figured a sane way of configuring this:

[ Internet ] === <ext=int> == LAN

so LAN members can use the external IP address to refer to an internal
server. The gw box (<ext=int>) goes bereft when such traffic arrives on
the wrong side.

A consequence is that root kits can't tell what the real IP address is
(though anyone here could by reading the headers in the email they
send). I tend to put the real address on dummy0, eth1:0 or some such.

There's no guarantee that any name found by Alan's suggestion is any
better than what uname(2) provides (I discovered that with the hostname
command), or even that whatever is in /etc/hosts is the right name to
use. At our school, I can contemplate running a multihomed server
providing different services (but maybe same software) to students and
staff, and that larger enterprises might want to categorise users
similarly - internal vs external, special services for some groups
excluding others. I appreciate that VM helps here, but it's not the only
solution.




--

Cheers
John

-- spambait
[EMAIL PROTECTED]  [EMAIL PROTECTED]
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/

do not reply off-list

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390

Re: /etc/hosts

Reply via email to