On Thu Dec 07, 2006 at 15:59:45 +1100, O Plameras wrote:
>Ben Leslie wrote:
>>On Thu Dec 07, 2006 at 15:17:47 +1100, O Plameras wrote:
>>>>It's the reverse DNS that the owner of the IP address space controls.
>>>>
>>>So, what happens when you do,
>>>
>>>www.example.aarnet.edu.au A IN 203.7.132.1
>>>
>>>in your live DNS,
>>>
>>
>>The name www.example.aarnet.edu.au will resolve to 203.7.132.1
>>
>>
>It will resolve ONLY within aarnet.edu.au but NOT the INTERNET.

Incorrect.

>And
>even if it resolves within aarnet.edu.au domain users there cannot access
>successfully http://www.aarnet.edu.au because registration as authoritative
>for a set of public ip address is a process that is a lot more than just
>having
>a correct technical entry in your live DNS.

Incorrect.

>>>and I or anyone say at AOL will not successfully access
>>>http://www.example.aarnet.edu.au.
>>>
>>
>>...ummm, you won't get to successfully access the site as that host
>>doesn't appear to have a webserver running on port 80...
>>
>
>No. You won't be able to reach that point of accessing port 80 because first
>you have to find the ip address 203.7.132.1.

Incorrect. You can find that ip address.

> And you won't be
>able to find the computer hosting www.example.aarnet.edu.au even if
>there is an entry in aarnet.edu.au DNS.

Yes I will.

>>
>>Correct! But so what?
>>
>>
>
>Because accessing a WEB server successfully is more than just resolving.

Correct!

>For example, your domain must be authoritative for that public ip address.

Incorrect!

>This is not like administering a HOME network. It's the INTERNET.

No way! Not the INTERNET!

>What you are effectively saying is you can because 'you can'; then it's
>like saying you can break-in
>in to a property because you can,

No that is a very different thing.

>There is enough protection against people who wish to break-in just
>like there is enough
>protection against people who wish to attack networks maliciously.

What am I breaking into?

>Even after you have the entries in your live DNS you still have to go
>through a
>process in order that you will be authorized to associate
>(authoritative) www.example.aarnet.edu.au
>to 203.7.132.1 as far as the INTERNET is concerned. It involves more
>than one Organizations.

Incorrect.

>Breaking-in is wrong and not allowed
>by the process.

Nothing is being broken into.

> That's why even if it resolves to the number within
>aarnet.edu.au domain
>it will not on the INTERNET. That's why this
>resolution will not produce the desired result namely, access
>www.example.aarnet.edu.au successfully.

Yes it will.

>I think there is a document that spells out the procedures and rules
>about this in aunic.

There is no document describing such a process because the process
you describe is wrong.

DNS is basically just a big map

NAME -> IP ADDRESS

The name bit is kind of divided up into a tree. When you register
a domain name you get the right to add any mappings underneath your
domain.

E.g: I have registered benno.id.au, so I can create any mappings

*.benno.id.au -> ip address.

No one can stop me doing that! I can point any name to any ip address
I want! They can exist, not exist, whatever!

Now there is also a reverse mapping

ip address -> name

I can't just go and put anything in there. But guess what, for resolving
a name, there doesn't need to be a reverse mapping!

Benno
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
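
An added example, not part of the original message: a small offline model of the two mappings discussed in this thread, showing that a forward lookup never consults the reverse zone, and how a forward-confirmed reverse DNS check tells a name the address holder vouches for apart from one that merely points at the address. All zone names, addresses and function names are constructed for illustration (documentation ranges only).

```python
import ipaddress

# Constructed sample records, not real DNS data: A records are published by the
# name's zone owner, PTR records by the holder of the address block.
ZONE_TEXT = """
www.name-owner.example.      IN A   192.0.2.10
orphan.name-owner.example.   IN A   192.0.2.30
mail.addr-owner.example.     IN A   192.0.2.20
host10.addr-owner.example.   IN A   192.0.2.10
10.2.0.192.in-addr.arpa.     IN PTR host10.addr-owner.example.
20.2.0.192.in-addr.arpa.     IN PTR mail.addr-owner.example.
"""

def parse_zone(text):
    """Return (forward, reverse) dicts from 'name IN TYPE value' lines."""
    forward, reverse = {}, {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[1] == "IN":
            name = fields[0].lower().rstrip(".")
            if fields[2] == "A":
                forward.setdefault(name, set()).add(fields[3])
            elif fields[2] == "PTR":
                reverse[name] = fields[3].lower().rstrip(".")
    return forward, reverse

FORWARD, REVERSE = parse_zone(ZONE_TEXT)

def resolve(name):
    """Forward lookup: consults A records only, never the reverse zone."""
    return sorted(FORWARD.get(name.lower().rstrip("."), ()))

def reverse_lookup(ip):
    """PTR lookup via the in-addr.arpa name derived from the address."""
    return REVERSE.get(ipaddress.ip_address(ip).reverse_pointer)

def classify(name):
    """Label each address of `name` by how far the reverse side vouches for it."""
    results = {}
    for ip in resolve(name):
        ptr = reverse_lookup(ip)
        if ptr is None:
            results[ip] = "no-ptr"
        elif ip not in resolve(ptr):
            results[ip] = "ptr-not-forward-confirmed"
        elif ptr == name.lower().rstrip("."):
            results[ip] = "fcrdns-match"
        else:
            results[ip] = "fcrdns-other-name"
    return results
```

All three sample names resolve; only the classification differs, which is why access controls and log attribution should rely on the forward-confirmed PTR name rather than on any name that happens to resolve to an address.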
