At 04:49 PM 8/6/98 +0100, Philip Hazel wrote:
>On Thu, 6 Aug 1998, John Horne wrote:
>
>> argus.plymouth.ac.uk => 141.163.2.1
>> 141.163.2.1 => argus.plym.ac.uk
>
>Yes, but argus.plym.ac.uk => 141.163.2.1
>
>so checking IP => name => same IP would succeed. However, if somebody
>has set up, say,
>
>sender_host_accept = argus.plymouth.ac.uk
>
>then doing the check by reverse lookup won't work. I need to invent a
>strategy that will cover this sort of case, because I think it is
>actually quite common. Maybe something like:
>
>. Look up the IP address => yields argus.plym.ac.uk
>
>. (Optionally) look up argus.plym.ac.uk and make sure it does give
> back the same IP address. If not, behave as "host name unknown".
>
>. When the name check shows that argus.plym.ac.uk != argus.plymouth.ac.uk,
> observe that the name in the configuration list is a complete name (no
> wild cards), so look up argus.plymouth.ac.uk and discover that the IPs
> do in fact match, and so treat it as a match.
yes. basically, you need to do one more lookup, because domain name
mappings to ip addresses are many to one (and include both cname and a
records) but ip address mappings back to domain names (the ptr records) are
one to one.
1) domain name(s) => single ip
2) single ip => single domain name
3) single domain name => single ip (matches single ip from step 1)
and you've got it.
richard
--
Richard Welty
NeWorks Networking, Inc. 518-244-9675
rwelty@??? http://www.neworks.net/
--
*** Exim information can be found at
http://www.exim.org/ ***
