Ben Leslie wrote:
On Thu Dec 07, 2006 at 15:17:47 +1100, O Plameras wrote:
Glen Turner wrote:
O Plameras wrote:
Just a footnote: one CANNOT register to be authoritative for a set of
public ip addresses that
one does not own. One has to pay (or be authorized by) the owner of
the public ip addresses to use
it for the services previously mentioned.
Um, I can point
www.example.aarnet.edu.au
to whatever IP address I care to. I don't need the IP address owner's
permission. I do need to be able to update the zone
example.aarnet.edu.au,
either manually or using dynamic DNS.
It's the reverse DNS that the owner of the IP address space controls.
So, what happens when you do,
www.example.aarnet.edu.au A IN 203.7.132.1
in your live DNS,
The name www.example.aarnet.edu.au will resolve to 203.7.132.1
It will resolve ONLY within aarnet.edu.au but NOT the INTERNET. And
even if it resolves within aarnet.edu.au domain users their cannot access
successfully http://www.aarnet.edu.au because registration as authorative
for a set of public ip address is a process that is a lot more that just
having
a correct technical entry in your live DNS.
and I or anyone say at AOL will not successfully access
http://www.example.aarnet.edu.au.
.ummm, you won't get to successfully access the site as that host
doesn't appear to have a webserver running on port 80...
No. You won't be able to reach that point of accessing port 80 because first
you have to find the ip address 203.7.132.1. And you won't be
able to find the computer hosting www.example.aarnet.edu.au even if
there is an entry in aarnet.edu.au DNS.
Do a,
# whois 203.7.132.1
and you'll see this ip address is not owned by
aarnet.edu.au
of course.
Correct! But so what?
Because accessing a WEB server successfully is more that just resolving.
For example, your domain must be authorative for that public ip address.
This is not like administering a HOME network. It's the INTERNET.
What you are effectively saying is you can because 'you can'; then it's
like saying you can break-in
in to a property because you can,
There is enough protection against people who wish to break-in just
like there is enough
protection against people who wish to attack networks maliciously.
Even after you have the entries in your live DNS you still have to go
through a
process in order that you will be authorized to associate
(authorative) www.example.aarnet.edu.au
to 203.7.132.1 as far as the INTERNET is concerned. It involves more
that one Organizations.
Breaking-in is wrong and not allowed
by the process. That's why even if it resolves to the number within
aarnet.edu.au domain
it will not on the INTERNET. That's why this
resolution will not produce the desired result namely, access
www.example.aarnet.edu.au successfully.
I think there is a document that spells out the procedures and rules
about this in aunic.
O Plameras
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
