/etc/hosts and DNS

Fredrik Tolf fredrik at dolda2000.com
Thu Feb 17 06:59:54 EST 2005


On Thu, 2005-02-17 at 02:07 +0000, Luke wrote:
> On 2005-02-14, Luke <clairst at uiuc.edu> wrote:
> > The situation in my network requires some of my machines to never have the
> > same address (traveling laptops, etc).  I'd like them to be able to still
> > access kerberized application servers.  Will simply requesting addressless
> > tickets solve this?  Or are DNS lookups (forward or reverse) still
> > necessary, even just for clients?
> >
> > My other question is about kerberized servers -  my kdc has a PPPoE
> > connection, so the outward facing address is dynamic.  I can't change
> > reverse lookups, sadly, due to my ISP.  How can I use /etc/hosts to give a
> > correct resolution?  Can I use /etc/hosts in this situation, when my
> > external IP is dynamic?
> 
> However, my external IP address is dynamic, and reverse maps to garbage, so
> I haven't been able to figure out a way for remote clients to connect - any
> help/thoughts are appreciated.

I've been thinking about this as well -- I'm running Kerberos and IPv6
at home, and a friend of mine is planning on using it as well, but since
we have no control over the reverse mappings, and he also has a dynamic
IP, we're in trouble.

My initial thoughts on how to solve it would be to write a new nsswitch
module for (g)libc that we plug into nsswitch as a host module. It would
then try to do reverse lookups by trying to contact the remote host and
simply ask it what it wants to be called. That, of course, requires a
protocol to do so, but I was planning on simply hooking up hostname -f
into xinetd.

The problems with that are of course that 1) it's non-standard, so it
won't work on non-modified hosts and 2) it will make reverse lookups
really slow on hosts that aren't responding.

If someone has a better idea, please tell me.

Fredrik Tolf
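
[Added example, not part of the original message and not code from its author.] A Python sketch of the "ask the host what it wants to be called" lookup described above, with a short timeout for the slow-host problem in point 2. It accepts the unauthenticated answer only if a locally held hosts-style table maps that name back to the same address. The port handling, the table and all function names are assumptions, and a loopback thread stands in for hostname -f behind xinetd.

```python
import socket
import threading

# Constructed stand-in for a trusted /etc/hosts-style table: name -> address.
TRUSTED_HOSTS = {"laptop.example.org": "127.0.0.1"}

def serve_name(name, respond=True):
    """Loopback stand-in for `hostname -f` behind xinetd; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    held = []  # connections kept open to imitate a host that never answers

    def loop():
        while True:
            conn, _ = srv.accept()
            if respond:
                conn.sendall(name.encode("ascii") + b"\n")
                conn.close()
            else:
                held.append(conn)

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def self_reported_name(addr, port, timeout=0.5, max_len=255):
    """Ask the peer what it calls itself; None on timeout, refusal or junk."""
    try:
        with socket.create_connection((addr, port), timeout=timeout) as s:
            data = b""
            while b"\n" not in data and len(data) <= max_len:
                chunk = s.recv(256)
                if not chunk:
                    break
                data += chunk
    except OSError:  # covers refused connections and socket timeouts
        return None
    name = data.split(b"\n", 1)[0].strip().decode("ascii", "replace").lower()
    ok = name and len(name) <= max_len and all(c.isalnum() or c in "-." for c in name)
    return name if ok else None

def reverse_lookup(addr, port):
    """Accept the self-reported name only if the trusted table maps it back."""
    name = self_reported_name(addr, port)
    if name is not None and TRUSTED_HOSTS.get(name) == addr:
        return name
    return None
```
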