[idn] Re: My thoughts so far
At 18:14 11.02.00 +0800, James Seng wrote:
>Harald Tveit Alvestrand wrote:
> > I'm not sure - I would think that it was reasonable that if someone asked
> > for a PTR record for 4.3.2.1.in-addr.arpa, the bytes entered into the
> > database by the administrator of the 3.2.1.in-addr.arpa zone would be
> > returned.
>
>Actually, this has more consequences than it appears.
>
>For example,
>
>Some.Multilingual.Domain -> IP
>IP -> some.multilingual.domain
>
>If it is English, it seems pretty simple since we just do a case
>insensitive comparison. But what about multilingual case comparison?

Actually this so-called "security" check is pretty useless in most real
cases; you have to do at least 4 lookups before you can reasonably expect
to have an opinion about whether something is well mapped back or not.

Check:

  www.alvestrand.no -> CNAME dokka.alvestrand.no
  dokka.alvestrand.no -> 195.139.236.69
  195.139.236.69 -> dokka.maxware.no
  dokka.maxware.no -> 195.139.236.69

It gets progressively worse for routers and other boxes that have many IP
addresses for legitimate reasons, especially if some of their interfaces
have Net-10 addresses, or the admins sincerely don't believe in
reverse-mapping.

So the problem of non-match here might not be terribly interesting, or else
an area where the admin has to take care anyway.

              Harald

--
Harald Tveit Alvestrand, EDB Maxware, Norway
Harald.Alvestrand@edb.maxware.no
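
The four-lookup chain from the message above, worked through as an added example (not part of the original message or the list archive). It runs against a constructed in-memory record set instead of a live resolver; the function names, the result keys and the gw.example.net router are assumptions made for illustration.

```python
# Constructed resolver data: the four records listed in the message, plus one
# hypothetical router (gw.example.net) on a Net-10 address with no PTR record.
CNAME = {"www.alvestrand.no": "dokka.alvestrand.no"}
A = {
    "dokka.alvestrand.no": ["195.139.236.69"],
    "dokka.maxware.no": ["195.139.236.69"],
    "gw.example.net": ["10.0.0.1"],
}
PTR = {"195.139.236.69": ["dokka.maxware.no"]}


def canon(name):
    """Normalise for comparison. Adequate for ASCII names only; what this step
    should be for multilingual names is the open question in the thread."""
    return name.rstrip(".").lower()


def forward(name, max_cnames=8):
    """Follow CNAMEs; return (final name, addresses, number of lookups)."""
    name, lookups = canon(name), 0
    for _ in range(max_cnames):
        lookups += 1
        if name in CNAME:
            name = canon(CNAME[name])
            continue
        return name, A.get(name, []), lookups
    raise RuntimeError("CNAME chain too long")


def check(name):
    """Run the name-equality check and the address round-trip side by side."""
    target, addrs, lookups = forward(name)
    result = {"name_match": False, "confirmed": False}
    for ip in addrs:
        lookups += 1  # PTR lookup for this address
        for ptr in map(canon, PTR.get(ip, [])):
            if ptr in (canon(name), target):
                result["name_match"] = True
            _, back, n = forward(ptr)  # does the PTR name map back to ip?
            lookups += n
            if ip in back:
                result["confirmed"] = True
    result["lookups"] = lookups
    return result


if __name__ == "__main__":
    for host in ("www.alvestrand.no", "gw.example.net"):
        print(host, check(host))
```

For www.alvestrand.no the PTR name matches neither the queried name nor its CNAME target, yet the address round-trips after four lookups; the router with no PTR record fails both checks.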