Maybe you are wrong. or may be I am but:
gethostbyaddr returns the names matching the ip.
reverse name entries is as secure as dns gets. if
the ip has a reverse name, the ip for that name
will match the ip.
the discussion in the Cookbook is about
looking, whether the ipaddress you got when looking up by
name, matches the original name. which it
will not, unless you have a reverse entry for the same name.
RE: RE: Resolve addresses in web access logs
Replies are listed 'Best First'.
I don't think there's any looking up by name--in the
example the IP was grabbed with getpeername and
the name isn't known. If you were to get the ip with
gethostbyname and then use gethostbyaddr on the
result, you would be verifying it as they suggest, just
Quoting extensively from the Cookbook:
"...If you want the name of the remote end, call
gethostbyaddr to look up the name of the machine
in the DNS tables, right?
"Not really. That's only half the solution.
Because a name lookup goes to the name's owner's DNS
server and a lookup of an IP addresses goes to the
address's owner's DNS server, you have to contend with
the possibility that the machine that connecteed to you
is giving incorrect names. For instance, the machine
evil.crackers.org could belong to malevolent
cyberpirates who tell their DNS server that its IP address
(220.127.116.11) should be identified as
trusted.dod.gov. If your program trusts
trusted.dod.gov, a connection from
evil.crackers.org will cause getpeername to
return the right IP address (18.104.22.168), but
gethostbyaddr will return the duplicitous name
"To avoid this problem, we take the (possibly deceitful)
name returned by gethostbyaddr and look it up again
I'm just repeating, but it looks to me as if this is
talking about gethostbyaddr having the potential
to give incorrect information.