On 05/07/2013 04:15 PM, Stuart Henderson wrote:
On 2013/05/07 16:09, Ted Unangst wrote:
On Tue, May 07, 2013 at 20:54, Stuart Henderson wrote:

I don't like logging both because there's a not unreasonable chance
the reverse name will be a complete lie, which will just mislead you.

Oh, it doesn't do a forward check of the name it got from reverse
lookup? Yes that's bad.

Well, it kind of does. It does a reverse lookup to get a hostname.
Then it does a forward lookup for that hostname and logs that IP. doh.

Forward lookup? Yes. Forward *check*? No.

Wow.

*stab stab stab*


lesson: dns can lie.
maybe more accurate: reverse dns is sometimes correct.
There is no promise that forward and reverse DNS provide the same info.

Forward and reverse DNS are like the ski resort, where girls are looking for husbands and husbands are looking for girls, but the situation is not quite as symmetrical as you might think or hope. (ok, that's an overly stretched analogy, but I've been wanting to use it for a long time!)

log the IP, only the IP, nothing but the IP.
Anything you do with DNS from there is you fooling yourself, and hopefully you understand what it means.

Nick.
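
The distinction drawn in this thread between a forward lookup and a forward check, as an added example (not code from the thread or from the program being discussed). The function names, the injectable `reverse`/`forward` resolver parameters and the sample PTR/A data are assumptions constructed for illustration; the log field is always the peer IP, and a name is attached only when its forward records contain that same IP.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup via the system resolver; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """A/AAAA lookup via the system resolver; returns address strings."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def confirmed_name(peer_ip, reverse=system_reverse, forward=system_forward):
    """Return the PTR name only if its forward records contain peer_ip."""
    peer = ipaddress.ip_address(peer_ip)
    name = reverse(peer_ip)
    if not name:
        return None
    for addr in forward(name):
        try:
            # Compare parsed addresses, not strings; drop any IPv6 scope id.
            if ipaddress.ip_address(addr.split("%")[0]) == peer:
                return name
        except ValueError:
            continue
    return None  # the name exists but does not map back: treat it as a lie

def log_field(peer_ip, **resolvers):
    """The socket's peer IP is what gets logged; a name is only an annotation."""
    name = confirmed_name(peer_ip, **resolvers)
    return f"{peer_ip} ({name})" if name else peer_ip

# Constructed sample data (documentation address ranges, not real hosts).
PTR = {"203.0.113.7": "mail.example.org",   # PTR set by whoever runs that reverse zone
       "198.51.100.10": "www.example.net"}  # PTR that matches the forward zone
FWD = {"mail.example.org": ["192.0.2.25"],
       "www.example.net": ["198.51.100.10", "2001:db8::10"]}

def demo():
    r = {"reverse": PTR.get, "forward": lambda n: FWD.get(n, [])}
    return [log_field(ip, **r) for ip in ("203.0.113.7", "198.51.100.10", "192.0.2.99")]
```

For `203.0.113.7` the behaviour described in the thread would have logged `192.0.2.25`, an address that never connected; the check above discards the name and keeps the peer IP.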
