Re: enableLookups=true, getRemoteHost returns ip

2009-01-29 Thread otismo

Thanks, Konstantin, for the thorough response!

I was failing to grasp that the forward lookup portion of the method was
failing because there was no forward dns mapping.  I thought it was failing
locally inside the java code, not in the dns system.  

To confirm the lack of a dns mapping, I used host ip address and
received a host name.  Then I tried host host name and got a host not
found message.

Since it's not critical that I prevent spoofing in my app, I'm using a
variation of the jndi dns code you pointed out in
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4670102.

Thanks again,
Peter
-- 
View this message in context: 
http://www.nabble.com/enableLookups%3Dtrue%2C-getRemoteHost-returns-ip-tp21696774p21731881.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: enableLookups=true, getRemoteHost returns ip

2009-01-28 Thread Konstantin Kolinko
2009/1/28 otismo pe...@nomad.org:

> I'm struggling to get enableLookups to work on a new Ubuntu 8.10 tomcat
> 6.0.18 install.  Calls to httpServletRequest.getHostName() always return the
> IP, instead of the host name.  I set the access log to resolve hosts and it
> also shows the ip.
>
> Tomcat 6.0.18 and the same webapp perform the reverse lookups fine on a
> WindowsXP machine.  It doesn't appear to be a permissions problem, as I've
> temporarily granted AllPermission to my webapp.  I've traced it down to
> java.net.InetAddress.getAddressFromNameService(String host, InetAddress
> reqAddr) and the subsequent call to
> sun.net.spi.nameservice.NameService.lookupAllHostAddr(host), which returns
> null.
>
> Inside getAddressFromNameService, the host is the valid host that I wish
> would be returned.  Since the lookupAllHostAddr(host) call fails,
> getAddressFromNameService then throws an UnknownHostException.
>
> I also tried setting -Dsun.net.spi.nameservice.provider.1=dns,sun but that
> didn't make a difference.
>
> Could it be a dns config issue on my ubuntu box (hosted by slicehost)?
> Using the host command and an IP in question returns the host name that I
> want to get back from httpServletRequest.getRemoteHost().  Any tips for me?
> I'm a linux noob.


It is a bit hard to read your message, because you traced it down
too deeply - the real cause / explanation is one level above that
getAddressFromNameService() call.

To get host name from its IP a reverse DNS lookup is performed.
That is,

java.net.InetAddress.getHostName() is called.

Your problem is that that call fails and does not return the name of
the remote host. You can write a simple standalone Java program
and test that call on that Ubuntu box.

Looking into the JDK sources (I have the 1.6.0_07 one), I see that
the getHostName() method is implemented as a call to the private method
java.net.InetAddress.getHostFromNameService()

The implementation of getHostFromNameService() has two steps:

1). reverse DNS lookup of Host name by its IP,
 - nameService.getHostByAddr( ..) call

2). forward DNS lookup of IP addresses for the found host name,
 - InetAddress.getAllByName0(...) call

and the second step checks that the IP address whose host name
you were asking for is among the IP addresses for that name.

It does it to prevent DNS spoofing. If the check fails, the method rejects
the host name that it has found, and returns the IP address.

It is this second step that fails in your case.

Thus, it is a Sun JRE issue, or feature, and not a Tomcat one.


Some searching found the following:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4148388

That is, such behavior has been there since the 1.1.* versions of the JRE.

Also,
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4670102
proposes a workaround that uses a JNDI call to implement a DNS
lookup. I do not know whether that works. Also, a comment there
mentions the https://javadns.dev.java.net/ project.


Best regards,
Konstantin Kolinko
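
The two-step check described in the message above, next to a PTR-only lookup of the kind the JNDI workaround performs, as an added example (not code from the JDK, Tomcat or either poster). The `Resolver` interface, the class and method names, and all DNS records are hypothetical and constructed so the comparison runs offline.

```java
import java.util.*;

public class ForwardConfirmedLookup {
    // Hypothetical resolver abstraction so the check runs offline on constructed records.
    interface Resolver {
        String reverse(String ip);          // PTR lookup; null when there is no record
        List<String> forward(String host);  // A lookup; empty when the name does not resolve
    }

    // PTR-only lookup, the shape of the JNDI workaround: trusts whatever the PTR says.
    static String unverifiedHost(String ip, Resolver dns) {
        String name = dns.reverse(ip);
        return name != null ? name : ip;
    }

    // Two-step lookup as described for getHostFromNameService(): the name is
    // accepted only if a forward lookup of it includes the original IP.
    // (Textual comparison suffices for this sample; real code compares address bytes.)
    static String confirmedHost(String ip, Resolver dns) {
        String name = dns.reverse(ip);                      // step 1
        if (name == null) return ip;
        return dns.forward(name).contains(ip) ? name : ip;  // step 2
    }

    public static void main(String[] args) {
        // Constructed records using documentation address ranges and example names.
        final Map<String, String> ptr = new HashMap<String, String>();
        final Map<String, List<String>> a = new HashMap<String, List<String>>();
        ptr.put("192.0.2.10", "web.example.org");        // PTR and A agree
        a.put("web.example.org", Arrays.asList("192.0.2.10"));
        ptr.put("192.0.2.20", "slice.example.net");      // PTR only, as in this thread
        ptr.put("198.51.100.7", "trusted.example.com");  // PTR names a host it does not own
        a.put("trusted.example.com", Arrays.asList("203.0.113.5"));

        Resolver dns = new Resolver() {
            public String reverse(String ip) { return ptr.get(ip); }
            public List<String> forward(String host) {
                List<String> ips = a.get(host);
                return ips != null ? ips : Collections.<String>emptyList();
            }
        };
        for (String ip : ptr.keySet()) {
            System.out.println(ip + "  PTR-only=" + unverifiedHost(ip, dns)
                    + "  confirmed=" + confirmedHost(ip, dns));
        }
    }
}
```

The PTR-only result is fine for display or log enrichment; anything that makes an access decision on the host name should use the confirmed result.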




enableLookups=true, getRemoteHost returns ip

2009-01-27 Thread otismo

I'm struggling to get enableLookups to work on a new Ubuntu 8.10 tomcat
6.0.18 install.  Calls to httpServletRequest.getHostName() always return the
IP, instead of the host name.  I set the access log to resolve hosts and it
also shows the ip.  

Tomcat 6.0.18 and the same webapp perform the reverse lookups fine on a
WindowsXP machine.  It doesn't appear to be a permissions problem, as I've
temporarily granted AllPermission to my webapp.  I've traced it down to
java.net.InetAddress.getAddressFromNameService(String host, InetAddress
reqAddr) and the subsequent call to
sun.net.spi.nameservice.NameService.lookupAllHostAddr(host), which returns
null. 

Inside getAddressFromNameService, the host is the valid host that I wish
would be returned.  Since the lookupAllHostAddr(host) call fails,
getAddressFromNameService then throws an UnknownHostException.

I also tried setting -Dsun.net.spi.nameservice.provider.1=dns,sun but that
didn't make a difference.

Could it be a dns config issue on my ubuntu box (hosted by slicehost)? 
Using the host command and an IP in question returns the host name that I
want to get back from httpServletRequest.getRemoteHost().  Any tips for me? 
I'm a linux noob.

Thanks,
Peter

