Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much
 
PerlMonks  

Re: Reliable FQDN from IP

by Rhandom (Curate)
on Nov 08, 2012 at 15:25 UTC ( #1002924=note: print w/ replies, xml ) Need Help??


in reply to Reliable FQDN from IP

require Socket; # very much core perl my $_host = gethostbyaddr(Socket::inet_aton($ip), Socket::AF_INET()) +;
my @a=qw(random brilliant braindead); print $a[rand(@a)];


Comment on Re: Reliable FQDN from IP
Download Code
Re^2: Reliable FQDN from IP
by agentorange (Sexton) on Nov 08, 2012 at 15:45 UTC
    I'd already looked into using the following which I think I'm right in saying is fundamentally the same as your code snippet suggestion (unless of course yours forces BIND in which case perfect!):
    $hostname = gethostbyaddr( inet_aton($ip), AF_INET );
    But unfortunately gethostbyaddr by design searches the sources listed in /etc/nsswitch.conf or similar.

    For me this is undesirable as my single source of truth for the FQDN is not the client but DNS. With /etc/nsswitch.conf set to local followed by bind the query is likely to resolve from /etc/hosts first which cannot be relied upon to be accurate.
      With /etc/nsswitch.conf set to local followed by bind the query is likely to resolve from /etc/hosts first which cannot be relied upon to be accurate.

      Theoretically correct. But have a look at your /etc/hosts: In any environment with a working DNS setup, you should find no other record than localhost 127.0.0.1 and perhaps localhost ::1. So, for any other IP address, DNS is queried. If you fear that someone manipulates /etc/hosts, you fear that someone gains root privileges on that machine. Why do you run code on a machine you can not trust?

      Alexander

      --
      Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
        Not true I'm afraid. At a minimum most machines will have their primary interface and the hostname of its other interfaces within /etc/hosts.

        Whilst you shouldn't underestimate the benefit of considering things that shouldn't happen in your environment, ie. access to root, that is not the reason for wanting to ensure we solely query DNS in this instance. DNS is my single source of truth and I do not wish to work with assumptions in order for my code to work.

        Additionally it'll run across 100K+ hosts therefore you have to work with the lowest common denominator to ensure your code is portable across that number of hosts.

        Hence why:

        Perl 5.8.8
        Core modules
        and force DNS lookup.

        This isn't really a Perl discussion now though.
        Why do you run code on a machine you can not trust?

        Why do you write code that can run correctly on a machine that you cannot trust? Clearly, nobody should ever write code that might be run on a machine where somebody else has root access. :)

        - tye        

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1002924]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (4)
As of 2014-12-20 10:39 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (95 votes), past polls