about DNS mapping method
Bobo
rainbowave at yahoo.com
Thu Oct 5 09:12:57 UTC 2000
I really appreciate your comments, Thor, Okenve, Kevin
and Peter.
You indicated such a lot of points on my suggestion.
Now, I consider that bidirectional mapping will affect
many-to-one case
if without any modification.
Actually, many-to-one A records exist.
Such as,
<forward>
USC-ISIC.ARPA IN A 10.0.0.52
C.ISI.EDU IN A 10.0.0.52
If without any modification, the result will be same
as following records.
<reverse>
52.0.0.10.in-addr.arpa IN PTR USC-ISIC.ARPA.
52.0.0.10.in-addr.arpa IN PTR C.ISI.EDU.
Just as what Thor said, I agree with that this is
harmful to the security.
How about the following modification? Is it still
cause the security problem?
52.0.0.10.in-addr.arpa
<relation> USC-ISIC.APRA.
52.0.0.10.in-addr.arpa
<relation> cname C.ISI.EDU.
If an argument is added to the <PTR or A> record to
ditinguish cname and alias,
then the server will only return the C.ISI.EDU back to
the client.
Cokenve, are you with me in above suggestion, this
time?
Peter, thanks for your kind suggestion again.
Best Regards
Bobo
__________________________________________________
Do You Yahoo!?
Yahoo! Photos - 35mm Quality Prints, Now Get 15 Free!
http://photos.yahoo.com/
More information about the bind-users
mailing list