General DNS questions
Chip Old
fold at bcpl.net
Tue May 22 03:32:09 UTC 2001
On Tue, 22 May 2001, Brad Knowles wrote:
> IIRC, Apple does this. They couldn't be bothered to implement a full
> nameserver on Macintosh, but they didn't want to be stuck with a
> non-recursive resolver, so they struck off on their own separate
> totally bizarre route and decided to create a recursive resolver.
> Indeed, IIRC the early versions would actually "cache" the data they
> looked up in a local HOSTS.TXT file, so that they would never again
> have to go looking for that information.
The caching was done back when MacTCP was the standard TCP/IP stack for
Macs (prior to Mac OS 7.5 or thereabouts). That was a LONG time ago and
memory fades, but IIRC the cache file was MacTCP DNR, not the hosts file.
It was a pain if you got corrupted or bad data in the cache, because the
only way to clear it was to delete MacTCP DNR, then reboot to create a new
MacTCP DNR. AFAIK the modern Open Transport TCP/IP stack's resolver
doesn't cache.
> However, you *CAN* still create a local HOSTS file (they finally
> dropped the ".TXT" ending, and indeed you can call it anything you
> want, so long as you identify it to the OS as a "HOSTS file"), and
> that local HOSTS file will completely over-ride anything you may
> happen to want to look up in the DNS.
The Mac OS hosts file is no more or less dangerous than /etc/hosts on a
typical UNIX machine. Used correctly it's an aid; used incorrectly it's
an evil. Fortunately 99.9% of Mac users have no idea what a hosts file is
for, so most Macs don't have one. FWIW Trumpet Winsock, the most commonly
used TCP/IP stack in Windows 3.1 days, also allowed a hosts file. IIRC so
does Win 95/98 but its documentation is so obscured almost nobody knows
about it. Don't know about more recent Windows versions, but I'd bet the
ability to use a hosts file is still there.
> Indeed, the way that most people on Macintosh are getting around the
> stupid issue of Gracenote and the CDDB suddenly taking all their
> hard-earned data that they have laboriously entered into the system
> and going private (and commercial) with that data, is by having a
> local HOSTS file that points the name "cddb.cddb.com" and
> "cddb.cddb.org" and "cddb.cddb.net" over to "freedb.org" instead.
Hmm. Hadn't thought of that.
> A simple, nearly trivial, virus could easily create such a HOSTS file
> and identify it as such to the OS, and redirect traffic for any site
> in the world to any place they want.... Imagine www.disney.com being
> redirected to a website that traffics in kiddie-porn.
Fortunately writing a Mac virus is far from trivial, and Macs have such
small market share that nobody bothers.
> Thank $DEITY that MacOS X should actually have both a proper resolver
> and a proper nameserver, built-in.
Haven't had a chance to play with OS X yet, but it's open-source UNIX
underneath the GUI so hopefully there's now DNS sanity built in. Hmmm.
Has BIND been ported to OS X yet?
--
Chip Old (Francis E. Old) E-Mail: fold at bcpl.net
Manager, BCPL Network Services Voice: 410-887-6180
Manager, BCPL.NET Internet Services FAX: 410-887-2091
320 York Road
Towson, Maryland 21204-5179 U.S.A.
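
An added example, not part of the original post: because a local hosts file overrides DNS as discussed in the thread, one defensive check is to parse it and report every name it pins outside the expected loopback entries. The sample file contents, the set of expected local names and the finding labels are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in hosts-file format; addresses are documentation ranges.
SAMPLE_HOSTS = """\
# constructed sample, not taken from a real machine
127.0.0.1      localhost
::1            localhost ip6-localhost
192.0.2.10     cddb.cddb.com cddb.cddb.org   # override of the kind the thread describes
198.51.100.7   www.example.com
203.0.113.5    www.example.com
not-an-ip      broken.example
"""

# Names a machine is normally expected to pin locally (assumption; adjust per site).
EXPECTED_LOCAL = {"localhost", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (lineno, address or None if unparsable, [names]) per entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comments, split columns
        if len(fields) < 2:
            continue                            # blank, comment-only or nameless line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        yield lineno, addr, [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text, expected=EXPECTED_LOCAL):
    """Return (lineno, finding, name) tuples for entries worth a human look."""
    findings, seen = [], {}
    for lineno, addr, names in parse_hosts(text):
        if addr is None:
            findings.append((lineno, "invalid-address", names[0]))
            continue
        for name in names:
            if name in expected:
                if not addr.is_loopback:
                    findings.append((lineno, "local-name-not-loopback", name))
                continue
            findings.append((lineno, "overrides-dns", name))   # DNS is never asked
            if name in seen and seen[name] != addr:
                findings.append((lineno, "conflicting-entries", name))
            seen.setdefault(name, addr)
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```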