in reply to RE: RE: Resolve addresses in web access logs
in thread Resolve addresses in web access logs
Quoting extensively from the Cookbook:
"...If you want the name of the remote end, call
gethostbyaddr to look up the name of the machine
in the DNS tables, right?
"Not really. That's only half the solution. Because a name lookup goes to the name's owner's DNS server and a lookup of an IP addresses goes to the address's owner's DNS server, you have to contend with the possibility that the machine that connecteed to you is giving incorrect names. For instance, the machine evil.crackers.org could belong to malevolent cyberpirates who tell their DNS server that its IP address (1.2.3.4) should be identified as trusted.dod.gov. If your program trusts trusted.dod.gov, a connection from evil.crackers.org will cause getpeername to return the right IP address (1.2.3.4), but gethostbyaddr will return the duplicitous name (my italics).
"To avoid this problem, we take the (possibly deceitful) name returned by gethostbyaddr and look it up again with gethostbyname..."
I'm just repeating, but it looks to me as if this is talking about gethostbyaddr having the potential to give incorrect information.