[TriLUG] AOL's new email policy

Jeremy Portzer jeremyp at pobox.com
Fri Mar 28 15:21:26 EST 2003


On Fri, 2003-03-28 at 15:04, Chris Merrill wrote:
> Ken Mink wrote:
> > Even if I get a domain, unless I can get RR to set up a reverse look up,
> > the reverse will still resolve to their dynamic name. Unless I'm
> > misunderstanding how resolution works, the owner of the IP address
> 
> I'm a little confused, since many domain names (virtual domains) can
> potentially map to each IP address.  It seems like this would
> break frequently.  Would it not be correct to do a lookup on the
> domain name to see if it matches the incoming IP address, rather
> than a reverse-DNS lookup?  Can a reverse-DNS lookup return only
> one domain name?  Seems like it could (and frequently should) return
> many.
> 

There is only one reverse lookup name for a given IP address.  You're
right, a given computer and IP address can have a bunch of virtual
domains hosted from it.  But there's only ever one reverse lookup value
for the IP address.  For example, if you look up www.trilug.org,
trilug.org, moya.trilug.org, ncsysadmin.org, and bzflag.trilug.org, they
all point to 64.244.27.141.  Then, when you do a reverse lookup, like
so:
$ host 64.244.27.141
141.27.244.64.in-addr.arpa domain name pointer moya.trilug.org.

You only get one record back, for moya.trilug.org.  There is no
provision for finding out what those other hosts are in a reverse
lookup.

You state above, "Would it not be correct to do a lookup on the
domain name to see if it matches the incoming IP address[...]"? 
That would be impossible, because a server has no idea what "domain
name" you are connecting from.  It only knows the IP address, which it
gets from the TCP/IP protocol information.  It can only do one thing --
a reverse lookup -- to try to determine "the domain name."

There is one extra step that some servers do, to make sure you don't
have a broken DNS.  They do this.  1) reverse lookup on the IP that
you're connecting from.  2)  forward lookup of the host.domain.tld that
was returned from #1.  3) If they don't match, return an error,
otherwise allow the connection. 

So, if you run a service off your dynamic IP connection, such as Road
Runner, you might register a host/domain name that points to your
dynamic IP.  But since this IP is owned by the ISP, the reverse lookup
will always be something like "user-a1b2c3.cable.mindspring.com" or
dialup-1-2-3-4.earthlink.net or whatever.  Fortunately, most ISPs are
pretty good at configuring those hostnames correctly, so that the
reverse and forward DNS match.

Hope this helps,
Jeremy

-- 
/=====================================================================\
| Jeremy Portzer       jeremyp at pobox.com       trilug.org/~jeremy     |
| GPG Fingerprint: 712D 77C7 AB2D 2130 989F  E135 6F9F F7BC CC1A 7B92 |
\=====================================================================/
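
Added example, not part of Jeremy's message: the three-step check described above (reverse lookup, forward lookup of the returned name, compare), written in Python. The function name check_client, the injectable resolver arguments and the 192.0.2.10 / mail.example.net records are assumptions made for illustration; the moya.trilug.org record is the one quoted in the message.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup through the system resolver; hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def system_forward(name):
    """A/AAAA lookup through the system resolver; set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def check_client(ip, reverse=system_reverse, forward=system_forward):
    """Return (allowed, reverse_name, reason) for a connecting IP address."""
    client = ipaddress.ip_address(ip)
    name = reverse(ip)                          # step 1: reverse lookup
    if not name:
        return (False, None, "no reverse record")
    name = name.rstrip(".").lower()             # drop the trailing root dot
    confirmed = set()
    for addr in forward(name):                  # step 2: forward lookup
        try:
            confirmed.add(ipaddress.ip_address(addr))
        except ValueError:                      # e.g. scoped IPv6 literal
            continue
    if client in confirmed:                     # step 3: compare
        return (True, name, "forward lookup confirms reverse name")
    return (False, name, "forward lookup does not return the client address")

# Constructed records so the example runs offline.
PTR = {"64.244.27.141": "moya.trilug.org.", "192.0.2.10": "mail.example.net."}
A = {"moya.trilug.org": ["64.244.27.141"], "mail.example.net": ["192.0.2.99"]}

def demo():
    """Run the check against the constructed tables instead of live DNS."""
    ips = ["64.244.27.141", "192.0.2.10", "198.51.100.7"]
    return [check_client(ip, PTR.get, lambda n: A.get(n, [])) for ip in ips]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Calling check_client(ip) with no resolver arguments uses the system resolver instead of the constructed tables.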