General DNS questions

Chip Old fold at bcpl.net
Tue May 22 03:32:09 UTC 2001


On Tue, 22 May 2001, Brad Knowles wrote:

> IIRC, Apple does this.  They couldn't be bothered to implement a full
> nameserver on Macintosh, but they didn't want to be stuck with a
> non-recursive resolver, so they struck off on their own separate
> totally bizarre route and decided to create a recursive resolver.
> Indeed, IIRC the early versions would actually "cache" the data they
> looked up in a local HOSTS.TXT file, so that they would never again
> have to go looking for that information.

The caching was done back when MacTCP was the standard TCP/IP stack for
Macs (prior to Mac OS 7.5 or thereabouts).  That was a LONG time ago and
memory fades, but IIRC the cache file was MacTCP DNR, not the hosts file.
It was a pain if you got corrupted or bad data in the cache, because the
only way to clear it was to delete MacTCP DNR, then reboot to create a new
MacTCP DNR.  AFAIK the modern Open Transport TCP/IP stack's resolver
doesn't cache.

> However, you *CAN* still create a local HOSTS file (they finally
> dropped the ".TXT" ending, and indeed you can call it anything you
> want, so long as you identify it to the OS as a "HOSTS file"), and
> that local HOSTS file will completely over-ride anything you may
> happen to want to look up in the DNS.

The Mac OS hosts file is no more or less dangerous than /etc/hosts on a
typical UNIX machine.  Used correctly it's an aid; used incorrectly it's
an evil.  Fortunately 99.9% of Mac users have no idea what a hosts file is
for, so most Macs don't have one.  FWIW Trumpet Winsock, the most commonly
used TCP/IP stack in Windows 3.1 days, also allowed a hosts file.  IIRC so
does Win 95/98 but its documentation is so obscured almost nobody knows
about it.  Don't know about more recent Windows versions, but I'd bet the
ability to use a hosts file is still there.

> Indeed, the way that most people on Macintosh are getting around the
> stupid issue of Gracenote and the CDDB suddenly taking all their
> hard-earned data that they have laboriously entered into the system
> and going private (and commercial) with that data, is by having a
> local HOSTS file that points the name "cddb.cddb.com" and
> "cddb.cddb.org" and "cddb.cddb.net" over to "freedb.org" instead.

Hmm.  Hadn't thought of that.

> A simple, nearly trivial, virus could easily create such a HOSTS file
> and identify it as such to the OS, and redirect traffic for any site
> in the world to any place they want....  Imagine www.disney.com being
> redirected to a website that trafficks in kiddie-porn.

Fortunately writing a Mac virus is far from trivial, and Macs have such
small market share that nobody bothers.

> Thank $DEITY that MacOS X should actually have both a proper resolver
> and a proper nameserver, built-in.

Haven't had a chance to play with OS X yet, but it's open-source UNIX
underneath the GUI so hopefully there's now DNS sanity built in.  Hmmm.
Has BIND been ported to OS X yet?

-- 
Chip Old (Francis E. Old)               E-Mail:  fold at bcpl.net
Manager, BCPL Network Services          Voice:   410-887-6180
Manager, BCPL.NET Internet Services     FAX:     410-887-2091
320 York Road
Towson, Maryland 21204-5179 U.S.A.
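The thread's point is that a hosts file entry silently overrides whatever the DNS would have returned, which is why a planted or edited hosts file is a redirection risk. The following defender-side script, added here as an example (it is not code from the bind-users post or from any project it mentions), parses hosts-file syntax and reports every name that is mapped to a non-loopback address, i.e. every entry that bypasses DNS. The sample hosts content, the `192.0.2.10` documentation address and the `EXPECTED_LOCAL` allow-list are constructed for illustration.

```python
"""Audit a hosts file for entries that override public DNS names.

Added example; not code from the bind-users thread or from any project it
names. The sample hosts text and the allow-list are constructed.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed sample hosts file: two benign loopback lines, one line that
# redirects public CDDB names elsewhere (a documentation address stands in
# for the real target), and one line with a malformed address.
SAMPLE_HOSTS = """\
# Constructed sample, not a real hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
192.0.2.10      cddb.cddb.com cddb.cddb.org   # overrides DNS for these names
not-an-address  www.example.com
"""

# Names that are expected to resolve to loopback locally (constructed list).
EXPECTED_LOCAL = {"localhost", "ip6-localhost", "localhost.localdomain"}


@dataclass
class HostsEntry:
    line_no: int
    address: str
    names: list[str]


@dataclass
class Finding:
    line_no: int
    severity: str  # "info", "warning" or "error"
    message: str


def parse_hosts(text: str) -> tuple[list[HostsEntry], list[Finding]]:
    """Parse '<address> <name> [<name> ...]' lines; '#' starts a comment."""
    entries: list[HostsEntry] = []
    findings: list[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            findings.append(Finding(line_no, "error", f"no hostname: {raw.strip()!r}"))
            continue
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            findings.append(Finding(line_no, "error", f"invalid address {address!r}"))
            continue
        entries.append(HostsEntry(line_no, address, [n.lower() for n in names]))
    return entries, findings


def audit_hosts(text: str, expected_local: set[str] = EXPECTED_LOCAL) -> list[Finding]:
    """Report every name whose hosts entry overrides what DNS would return.

    Loopback mappings of expected local names are accepted; any other
    loopback mapping is noted (it blocks the DNS lookup for that name), and a
    mapping to a non-loopback address is flagged as a DNS override.
    """
    entries, findings = parse_hosts(text)
    for entry in entries:
        addr = ipaddress.ip_address(entry.address)
        for name in entry.names:
            if addr.is_loopback and name in expected_local:
                continue
            if addr.is_loopback:
                findings.append(Finding(entry.line_no, "info",
                                        f"{name} pinned to loopback (blocks DNS lookup)"))
            else:
                findings.append(Finding(entry.line_no, "warning",
                                        f"{name} overridden to {entry.address} (bypasses DNS)"))
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: [{f.severity}] {f.message}")
```

On a real system, run `audit_hosts` over the contents of `/etc/hosts` (or the platform's equivalent) and compare the result against a known-good baseline; any new warning-level finding is a name that will no longer be resolved through DNS on that machine.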





More information about the bind-users mailing list