On Fri, 2003-03-28 at 15:04, Chris Merrill wrote:
> Ken Mink wrote:
> > Even if I get a domain, unless I can get RR to set up a reverse look up,
> > the reverse will still resolve to their dynamic name. Unless I'm
> > misunderstanding how resolution works, the owner of the IP address
>
> I'm a little confused, since many domain names (virtual domains) can
> potentially map to each IP address. It seems like this would
> break frequently. Would it not be correct to do a lookup on the
> domain name to see if it matches the incoming IP address, rather
> than a reverse-DNS lookup? Can a reverse-DNS lookup return only
> one domain name? Seems like it could (and frequently should) return
> many.
>

There is only one reverse lookup name for a given IP address. You're right, a given computer and IP address can have a bunch of virtual domains hosted from it. But there's only ever one reverse lookup value for the IP address.

For example, if you look up www.trilug.org, trilug.org, moya.trilug.org, ncsysadmin.org, and bzflag.trilug.org, they all point to 64.244.27.141. Then, when you do a reverse lookup, like so:

    $ host 64.244.27.141
    141.27.244.64.in-addr.arpa domain name pointer moya.trilug.org.

You only get one record back, for moya.trilug.org. There is no provision for finding out what those other hosts are in a reverse lookup.

You state above, "Would it not be correct to do a lookup on the domain name to see if it matches the incoming IP address[...]"? That would be impossible, because a server has no idea what "domain name" you are connecting from. It only knows the IP address, which it gets from the TCP/IP protocol information. It can only do one thing -- a reverse lookup -- to try to determine "the domain name."

There is one extra step that some servers do, to make sure you don't have a broken DNS. They do this:

1) reverse lookup on the IP that you're connecting from.
2) forward lookup of the host.domain.tld that was returned from #1.
3) If they don't match, return an error, otherwise allow the connection.

So, if you run a service off your dynamic IP connection, such as Road Runner, you might register a host/domain name that points to your dynamic IP. But since this IP is owned by the ISP, the reverse lookup will always be something like "user-a1b2c3.cable.mindspring.com" or dialup-1-2-3-4.earthlink.net or whatever. Fortunately, most ISPs are pretty good at configuring those hostnames correctly, so that the reverse and forward DNS match.

Hope this helps,
Jeremy

--
/=====================================================================\
| Jeremy Portzer [EMAIL PROTECTED] trilug.org/~jeremy                 |
| GPG Fingerprint: 712D 77C7 AB2D 2130 989F E135 6F9F F7BC CC1A 7B92  |
\=====================================================================/
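
The three-step check described in the message above (reverse lookup, forward lookup of the returned name, compare), as an added example that is not part of the original post. The function names, the injectable resolver arguments and the lookup tables are assumptions made for illustration; the table data is constructed, with the first entry mirroring the host output quoted in the message and the rest using documentation address ranges.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup via the system resolver; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def system_forward(name):
    """A/AAAA lookup via the system resolver; returns address strings."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def fcrdns(ip, reverse=system_reverse, forward=system_forward):
    """Return (ok, ptr_name, reason) for the three-step check."""
    client = ipaddress.ip_address(ip)
    # Step 1: reverse lookup on the connecting IP.
    name = reverse(ip)
    if not name:
        return (False, None, "no PTR record")
    name = name.rstrip(".").lower()
    # Step 2: forward lookup of the name returned by step 1.
    addrs = set()
    for a in forward(name):
        try:
            addrs.add(ipaddress.ip_address(a.split("%")[0]))  # drop IPv6 zone id
        except ValueError:
            continue
    # Step 3: accept only if the forward answer includes the client address.
    if not addrs:
        return (False, name, "PTR name does not resolve")
    if client not in addrs:
        return (False, name, "forward lookup does not match")
    return (True, name, "match")

# Constructed resolver data so the example runs offline.
PTR = {"64.244.27.141": "moya.trilug.org.",
       "192.0.2.10": "mail.example.net.",
       "192.0.2.20": "ghost.example.net."}
A = {"moya.trilug.org": ["64.244.27.141"],
     "mail.example.net": ["198.51.100.7"]}

def demo(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return fcrdns(ip, reverse=PTR.get, forward=lambda n: A.get(n, []))
```

Calling fcrdns(ip) with no resolver arguments uses the system resolver instead of the tables.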
