Re: How to find initiating host address?
Thanks for the kind reply.
> | This may useful to reply differently according to the initiator.
>
> That must never be done. DNS information is cached and passed around all
> over the place. There's no way to confine this kind of information. The
> only way to have different hosts see different DNS responses is to have them
> in totally separate DNS worlds, where all possibility of information
> leakage is very carefully guarded against.
>
> | IMHO, a field, "initiator" or something, may be inserted in the DNS query,
> | and this field must be copied to recursive queries.
>
> No, that can't work, caching means that information is given out by
> any random DNS server on the internet.
>
> Eg: in your example, when firstNS does the lookup for client A, it
> remembers the answer it received. When some other client (which might
> or might not be in any way related to A) does a lookup, firstNS just
> returns the answer it obtained before (assuming the second query is
> within the time to live of the answer when it was obtained initially).
Of course, that's correct in the case of caching.
However, the lastNS, the owner of the resource record, may set TTL = 0
in the reply. That is, the record will not be cached. Every time the resource is
asked for, the query must be answered by the lastNS that owns the resource record.
This technique is already used in bi-directional NAT (network address
translation).
> The whole DNS is designed around the philosophy of there being one common
> set of data that is equally available to all who ask. Changing this is
> no simple thing to achieve.
>
I do not mean that the DNS philosophy has to be changed. An additional option
field in the query format does no harm to current
DNS implementations but might be useful in some applications.
For example, NSs may collect statistics on who generates the queries.
And an NS may reply with one server among equivalent servers with the same domain
name. The replied server is the nearest one to the initiator of the
DNS query. A similar technique is in use in the "Cisco DistributedDirector",
where the replied server is the nearest one to the firstNS,
not to the initiator.
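The caching objection raised in the quoted reply, and the TTL = 0 counter-argument above, as an added toy simulation that is not part of the original message. The domain name, addresses, client identifiers and the per-initiator answer rule are constructed for this demo; a real resolver caches by name and type exactly as the simplified firstNS here does.

```python
# Constructed sample data for the simulation (not from the thread).
NAME = "www.example"
CLIENT_A = "10.1.0.5"   # hypothetical initiator that should get server 1
CLIENT_B = "10.2.0.5"   # hypothetical initiator that should get server 2

class LastNS:
    """Authoritative server that tailors its answer to the initiator."""
    def __init__(self, ttl):
        self.ttl = ttl
        self.queries = 0        # how often the authoritative server is hit
    def query(self, qname, initiator):
        self.queries += 1
        # Constructed rule: initiators in 10.1.x get server 1, all others server 2.
        addr = "192.0.2.1" if initiator.startswith("10.1.") else "192.0.2.2"
        return addr, self.ttl

class FirstNS:
    """Recursive resolver with a positive cache keyed by name only."""
    def __init__(self, upstream):
        self.upstream, self.cache, self.now = upstream, {}, 0.0
    def resolve(self, qname, client):
        entry = self.cache.get(qname)
        if entry and entry[1] > self.now:
            return entry[0]     # served from cache: the initiator is lost here
        addr, ttl = self.upstream.query(qname, client)
        if ttl > 0:             # TTL 0 means "do not cache"
            self.cache[qname] = (addr, self.now + ttl)
        return addr

def answers_seen(ttl):
    """Two clients ask firstNS for the same name back to back, then client B
    asks again after the TTL has elapsed.  Returns the two first answers,
    the later answer, and the number of queries that reached lastNS."""
    lastns = LastNS(ttl)
    firstns = FirstNS(lastns)
    first = (firstns.resolve(NAME, CLIENT_A), firstns.resolve(NAME, CLIENT_B))
    firstns.now += ttl + 1      # advance the simulated clock past the TTL
    later = firstns.resolve(NAME, CLIENT_B)
    return first, later, lastns.queries
```

With a normal TTL, client B receives the answer meant for client A until the cache entry expires; with TTL = 0 every client gets its own answer, at the cost of one authoritative query per lookup.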