/etc/hosts and DNS
Roland Dowdeswell
elric at imrryr.org
Thu Feb 17 15:24:30 EST 2005
On 1108641594 seconds since the Beginning of the UNIX epoch
Fredrik Tolf wrote:
>
>On Thu, 2005-02-17 at 02:07 +0000, Luke wrote:
>> On 2005-02-14, Luke <clairst at uiuc.edu> wrote:
>> > The situation in my network requires some of my machines to never have the
>> > same address (traveling laptops, etc). I'd like them to be able to still
>> > access kerberized application servers. Will simply requesting addressless
>> > tickets solve this? Or are DNS lookups (forward or reverse) still
>> > necessary, even just for clients?
>> >
>> > My other question is about kerberized servers - my kdc has a PPPoE
>> > connection, so the outward facing address is dynamic. I can't change
>> > reverse lookups, sadly, due to my ISP. How can I use /etc/hosts to give a
>> > correct resolution? Can I use /etc/hosts in this situation, when my
>> > external IP is dynamic?
>>
>> However, my external IP address is dynamic, and reverse maps to garbage, so
>> I haven't been able to figure out a way for remote clients to connect - any
>> help/thoughts are appreciated.
>
>I've been thinking about this as well -- I'm running Kerberos and IPv6
>at home, and a friend of mine is planning on using it as well, but since
>we have no control over the reverse mappings, and he also has a dynamic
>IP, we're in trouble.
>
>My initial thoughts on how to solve it would be to write a new nsswitch
>module for (g)libc that we plug into nsswitch as a host module. It would
>then try to do reverse lookups by trying to contact the remote host and
>simply ask it what it wants to be called. That, of course, requires a
>protocol to do so, but I was planning on simply hooking up hostname -f
>into xinetd.
>
>The problems with that are of course that 1) it's non-standard, so it
>won't work on non-modified hosts and 2) it will make reverse lookups
>really slow on hosts that aren't responding.
>
>If someone has a better idea, please tell me.
Yes, issue an ICMP6_FQDN_QUERY to the host and use its response.
On NetBSD, e.g., ping6 -w will do this. Better than writing a new
service, write a DNS nameserver which will do this and delegate
reverse mapping of IPv6 PTR requests to it.
--
Roland Dowdeswell http://www.Imrryr.ORG/~elric/
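
Added example, not part of the original post: the packet-handling core of the reverse-mapping nameserver suggested above, in Python. It maps an ip6.arpa PTR name to the address to query, builds an ICMPv6 Node Information query for the node name (type 139, specified in RFC 4620), and parses the reply; the name it yields is whatever the queried host reports about itself. Function names are hypothetical, and the DNS front end and the raw ICMPv6 socket send/receive are assumed and not shown.

```python
import ipaddress
import struct

NI_QUERY, NI_REPLY = 139, 140      # ICMPv6 types (RFC 4620)
NI_SUBJ_IPV6 = 0                   # query Code: Data holds an IPv6 address
NI_QTYPE_NODENAME = 2              # Qtype: ask for the node's name


def ptr_qname_to_addr(qname):
    """Turn an ip6.arpa PTR owner name back into the IPv6 address to query."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 34 or labels[-2:] != ["ip6", "arpa"]:
        raise ValueError("not a full ip6.arpa name")
    nibbles = "".join(reversed(labels[:32]))
    if len(nibbles) != 32:
        raise ValueError("labels must be single hex nibbles")
    return ipaddress.IPv6Address(bytes.fromhex(nibbles))


def build_ni_query(addr, nonce):
    """ICMPv6 body; checksum left 0 (assumption: the raw socket fills it in)."""
    if len(nonce) != 8:
        raise ValueError("nonce must be 8 bytes")
    hdr = struct.pack("!BBHHH", NI_QUERY, NI_SUBJ_IPV6, 0, NI_QTYPE_NODENAME, 0)
    return hdr + nonce + addr.packed


def parse_ni_reply(pkt, nonce):
    """Return the names in a successful Node Name reply, or [] if unusable."""
    if len(pkt) < 20:
        return []
    typ, code, _csum, qtype, _flags = struct.unpack("!BBHHH", pkt[:8])
    if (typ, code, qtype) != (NI_REPLY, 0, NI_QTYPE_NODENAME) or pkt[8:16] != nonce:
        return []                      # wrong type, refused, or not our query
    names, labels, pos = [], [], 20    # 4-byte TTL sits at pkt[16:20]
    while pos < len(pkt):
        n = pkt[pos]
        pos += 1
        if n == 0:                     # end of a name (or a padding zero)
            if labels:
                names.append(".".join(labels))
            labels = []
        elif n > 63 or pos + n > len(pkt):
            return []                  # compression pointer or truncated label
        else:
            labels.append(pkt[pos:pos + n].decode("ascii", "replace"))
            pos += n
    return names
```
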