CNAME map to localhost question
Brad Knowles
brad.knowles at skynet.be
Fri Jun 1 08:13:35 UTC 2001
At 8:19 PM -0700 5/31/01, Luke Hassell wrote:
> Here's the trick: due to tunneling, clients will connect to their
> localhost (127.0.0.1) for the tunnel to work (specifically http
> traffic). I would like to add a CNAME record in corporate
> DNS that points a meaningful name to "localhost". This would
> provide a better URL than
>
> http://localhost:1234

So, you have a CNAME record in the DNS called
"securetunnel.yourcompany.com", which resolves to "localhost." and
the IP address 127.0.0.1, right? Then you hand out URLs like:

http://securetunnel.yourcompany.com:1234

Right?

No, there is nothing I can think of that would cause a problem
with this. You are only affecting forward resolution (not reverse
resolution), and it's a CNAME record, so any application that may do
validation by hostname should figure out that it should canonicalize
the name first and get "localhost.", which should already match what
you've got now.

The only potential issue I can see is that if this is done on
your public DNS, you might expose (to people who might want to break
into your network) a route that might be used to more easily by-pass
the other network security you have.

--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
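
Added example, not part of the original message: a check a DNS administrator could run over a public zone before publishing it, to catch names that end up at loopback through a CNAME chain or a direct address record, which is the exposure raised in the reply above. The zone contents, origin and function names are constructed for illustration, and the parser only handles simple one-line "owner [ttl] [class] type rdata" records.

```python
import ipaddress

# Constructed sample zone and origin (assumptions, not from the message).
ORIGIN = "yourcompany.com."
ZONE = """\
www            IN A     192.0.2.10
securetunnel   IN CNAME localhost.
portal         IN CNAME securetunnel
dev            IN A     127.0.0.1
mail           IN CNAME www
"""

def fqdn(name, origin=ORIGIN):
    """Make a zone-file name absolute and lower-case."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(zone, origin=ORIGIN):
    """Map owner -> (type, rdata); one A/AAAA/CNAME per owner, TTL and class ignored."""
    records = {}
    for line in zone.splitlines():
        fields = line.split(";")[0].split()
        rest = [f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        if len(rest) < 2 or rest[0].upper() not in ("A", "AAAA", "CNAME"):
            continue
        rtype, rdata = rest[0].upper(), rest[1]
        if rtype == "CNAME":
            rdata = fqdn(rdata, origin)
        records[fqdn(fields[0], origin)] = (rtype, rdata)
    return records

def resolves_to_loopback(name, records):
    """Follow the CNAME chain inside the zone; True if it ends at loopback."""
    seen = set()
    while name not in seen:  # stop on CNAME loops
        seen.add(name)
        if name == "localhost.":
            return True
        rtype, rdata = records.get(name, (None, None))
        if rtype != "CNAME":
            return rtype is not None and ipaddress.ip_address(rdata).is_loopback
        name = rdata
    return False

def audit(zone, origin=ORIGIN):
    """Return the sorted owner names that a resolver would send to loopback."""
    records = parse(zone, origin)
    return sorted(n for n in records if resolves_to_loopback(n, records))
```

For the sample zone, audit(ZONE) reports dev, portal and securetunnel; portal is caught only because the chain is followed through securetunnel to "localhost.".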