> -----Original Message-----
> From: David Wall [mailto:[EMAIL PROTECTED]]
> Sent: 10 May 2001 22:23
> To: John Ott; [EMAIL PROTECTED]
> Subject: Re: DNS lookup
> What's interesting, of course, is that this has not been a problem for any
> browser we've tested before we ran into the AOL issue. And the concept
> seems broken, though, as a means of making SSL work. Most reverse IP
> addresses point to the real host name, which is often different than the
> name of the web server.

In some cases the real host name might even be on a different domain. I know
of one ISP in the UK that uses a single IP address and name based hosts to
host multiple sites. The reverse DNS of course gives hostname.domain.

Why is it that browser manufacturers keep messing with the underlying
TCP/IP stack? Recent versions of IE cache DNS requests, so if a host doesn't
exist when you start your browser and you get "not found", you can't connect
to it without closing all your browser windows and starting again. It does
save on DNS lookups, but IMHO it's a backward step.

It may seem that at present it's a bit of a moot point since you can't have
multiple SSL sites on a single IP, but it does mean that anyone who has set
up a secure site as a "CNAME" of their "www" IP address has to find another
IP address just for their secure site to have a unique reverse DNS. Also, it
is possible that a browser may be released that supports RFC2818 (I think
that's the right number) and any sites taking advantage of that wouldn't
work with AOL's browser.

Can't we complain en masse to AOL?

-
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
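
The mismatch discussed in this thread, as an added example that is not part of either message: a certificate check against the name the user requested passes for a secure site set up as a CNAME, while a check against the reverse DNS (PTR) name of the server's address fails. The reverse-lookup check is an assumed model of the browser behaviour being discussed; every name, address and record below is constructed.

```python
# Constructed records (reserved documentation names/addresses, not from the thread).
FORWARD = {  # name -> ("CNAME", target) or ("A", address)
    "www.example.test": ("A", "192.0.2.10"),
    "secure.example.test": ("CNAME", "www.example.test"),
    "shop.example.test": ("A", "192.0.2.20"),
}
REVERSE = {  # address -> PTR name
    "192.0.2.10": "host1.isp.example",  # ISP's "real" host name, other domain
    "192.0.2.20": "shop.example.test",  # dedicated IP with a matching PTR
}


def resolve(name, limit=8):
    """Follow CNAMEs to an address; None if the name does not resolve."""
    for _ in range(limit):
        rec = FORWARD.get(name.lower().rstrip("."))
        if rec is None:
            return None
        kind, value = rec
        if kind == "A":
            return value
        name = value  # CNAME: continue with the target name
    return None


def name_matches(pattern, host):
    """Case-insensitive match; '*' may stand for the whole leftmost label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] != "*" and p[0] != h[0]:
        return False
    return p[1:] == h[1:]


def check_requested_name(url_host, cert_names):
    """Compare the certificate with the name the user asked for."""
    return any(name_matches(n, url_host) for n in cert_names)


def check_reverse_dns(url_host, cert_names):
    """Compare the certificate with the PTR name of the server's address."""
    ptr = REVERSE.get(resolve(url_host))
    return ptr is not None and any(name_matches(n, ptr) for n in cert_names)
```
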