PerlMonks  

Re^3: Reliable FQDN from IP

by afoken (Parson)
on Nov 09, 2012 at 05:58 UTC


in reply to Re^2: Reliable FQDN from IP
in thread Reliable FQDN from IP

With /etc/nsswitch.conf set to local followed by bind the query is likely to resolve from /etc/hosts first which cannot be relied upon to be accurate.

Theoretically correct. But have a look at your /etc/hosts: In any environment with a working DNS setup, you should find no other record than localhost 127.0.0.1 and perhaps localhost ::1. So, for any other IP address, DNS is queried. If you fear that someone manipulates /etc/hosts, you fear that someone gains root privileges on that machine. Why do you run code on a machine you can not trust?

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)


Re^4: Reliable FQDN from IP
by agentorange (Sexton) on Nov 09, 2012 at 14:37 UTC
    Not true I'm afraid. At a minimum most machines will have their primary interface and the hostname of its other interfaces within /etc/hosts.

    Whilst you shouldn't underestimate the benefit of considering things that shouldn't happen in your environment, i.e. access to root, that is not the reason for wanting to ensure we solely query DNS in this instance. DNS is my single source of truth and I do not wish to work with assumptions in order for my code to work.

    Additionally it'll run across 100K+ hosts therefore you have to work with the lowest common denominator to ensure your code is portable across that number of hosts.

    Hence why:

    Perl 5.8.8
    Core modules
    and force DNS lookup.

    This isn't really a Perl discussion now though.
      DNS is my single source of truth and I do not wish to work with assumptions in order for my code to work.

      How can you be sure that DNS requests sent / DNS responses received by your script or an underlying library are not manipulated?

      Perl 5.8.8
      Core modules
      and force DNS lookup.

      It seems the core modules of 5.8.8 are not sufficient to solve your problem, because there seems to be no interface to configure the DNS resolving functions. So you need to include code to resolve from Perl. Net::DNS can do that. It contains some XS code, but using XS is optional. The same is true for some Win32-specific dependencies. Read the Makefile.PL in Net::DNS for details. Include Net::DNS in your code, and you have complete control over name resolution.

      This isn't really a Perl discussion now though.

      Who cares? I still do not understand why you think that you need to resolve only using the DNS. What is your actual problem you want to solve?

      Alexander

      --
      Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
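
An added example (not code from this thread or from the Net::DNS project) of the approach the reply above suggests: resolving through Net::DNS so that only DNS is asked and /etc/hosts is never read. It goes one step beyond the thread by accepting a PTR name only when its A record points back to the same address; the function names are made up for illustration, and it assumes IPv4 addresses written as a plain dotted quad.

```perl
#!/usr/bin/perl
# Added example: DNS-only reverse lookup (Net::DNS is not core in 5.8.8).
use strict;
use warnings;
use Net::DNS;

# Net::DNS sends queries to the name servers itself, so the system
# resolver order (/etc/nsswitch.conf, /etc/hosts) plays no part.
my $res = Net::DNS::Resolver->new;

# All PTR targets for an IP address, lower-cased, without a trailing dot.
sub ptr_names {
    my ($ip) = @_;
    # query() builds the in-addr.arpa name when it is handed an IP address
    # and, unlike search(), never appends the resolver's search list.
    my $reply = $res->query($ip, 'PTR') or return;
    return map  { my $n = lc $_->ptrdname; $n =~ s/\.$//; $n }
           grep { $_->type eq 'PTR' } $reply->answer;
}

# All IPv4 addresses a name has in DNS (A records only).
sub a_records {
    my ($name) = @_;
    my $reply = $res->query($name, 'A') or return;
    return map { $_->address } grep { $_->type eq 'A' } $reply->answer;
}

# FQDN for $ip, or nothing. A PTR name is accepted only if it contains a
# dot and resolves back to $ip (forward-confirmed reverse DNS).
sub fqdn_from_ip {
    my ($ip) = @_;
    for my $name (ptr_names($ip)) {
        next unless $name =~ /\./;    # short name, not fully qualified
        return $name if grep { $_ eq $ip } a_records($name);
    }
    return;
}

# Usage: perl fqdn.pl 192.0.2.10 192.0.2.11 ...
for my $ip (@ARGV) {
    my $fqdn = fqdn_from_ip($ip);
    print "$ip\t", (defined $fqdn ? $fqdn : 'no confirmed FQDN'), "\n";
}
```

The forward check only shows that the forward and reverse zones agree with each other; it does not authenticate the DNS responses themselves.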

        He needs a script that can run on systems where he knows they will be configured to query DNS that would return reasonable FQDNs (where "fully qualified" is important) and where people using those systems might have good reason to set up short aliases in their /etc/hosts files for their own purposes. And now he has code for such a script that will get the fully qualified domain names he needs.

        - tye        

Re^4: Reliable FQDN from IP (trust?)
by tye (Cardinal) on Nov 09, 2012 at 15:20 UTC
    Why do you run code on a machine you can not trust?

    Why do you write code that can run correctly on a machine that you cannot trust? Clearly, nobody should ever write code that might be run on a machine where somebody else has root access. :)

    - tye        
