tomcat-users mailing list archives

From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: enableLookups=true, getRemoteHost returns ip
Date Thu, 29 Jan 2009 01:12:38 GMT
2009/1/28 otismo <peter@nomad.org>:
>
> I'm struggling to get enableLookups to work on a new Ubuntu 8.10 tomcat
> 6.0.18 install.  Calls to httpServletRequest.getHostName() always return the
> IP, instead of the host name.  I set the access log to resolve hosts and it
> also shows the ip.
>
> Tomcat 6.0.18 and the same webapp perform the reverse lookups fine on a
> WindowsXP machine.  It doesn't appear to be a permissions problem, as I've
> temporarily granted AllPermission to my webapp.  I've traced it down to
> java.net.InetAddress.getAddressFromNameService(String host, InetAddress
> reqAddr) and the subsequent call to
> sun.net.spi.nameservice.NameService.lookupAllHostAddr(host), which returns
> null.
>
> Inside getAddressFromNameService, the host is the valid host that I wish
> would be returned.  Since the lookupAllHostAddr(host) call fails,
> getAddressFromNameService then throws an UnknownHostException.
>
> I also tried setting -Dsun.net.spi.nameservice.provider.1=dns,sun but that
> didn't make a difference.
>
> Could it be a dns config issue on my ubuntu box (hosted by slicehost)?
> Using the host command and an IP in question returns the host name that I
> want to get back from httpServletRequest.getRemoteHost().  Any tips for me?
> I'm a linux noob.
>

It is a bit hard to read your message, because you traced it down
too deeply - the real cause / explanation is one level above that
getAddressFromNameService() call.

To get host name from its IP a reverse DNS lookup is performed.
That is,

java.net.InetAddress.getHostName() is called.

Your problem is that that call fails and does not return the name of
the remote host. You can write a simple standalone Java program
and test that call on that ubuntu box.

Looking into the JDK sources (I have 1.6.0_07 one), I see that
getHostName() method is implemented as a call to private method
java.net.InetAddress.getHostFromNameService()

The implementation of getHostFromNameService() has two steps:

1). reverse DNS lookup of Host name by its IP,
 -> nameService.getHostByAddr( ..) call

2). forward DNS lookup of IP addresses for the found host name,
 -> InetAddress.getAllByName0(...) call

and the second step checks, that the IP address whose Host name
you were asking is among the IP addresses for that name.

It does it "to prevent DNS spoofing". If the check fails, the method rejects
the host name that it has found, and returns the IP address.

It is this second step that fails in your case.

Thus, it is a Sun JRE issue, or feature, and not a Tomcat one.


Some searching found the following:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4148388

That is, such behavior is there since 1.1.* versions of JRE.

Also,
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4670102
proposes a workaround that uses a JNDI call to implement a DNS
lookup. I do not know whether that works. Also, a comment there
mentions the https://javadns.dev.java.net/ project.


Best regards,
Konstantin Kolinko
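
The two-step check described in the reply above, as an added example (not code from the original message or from the JDK): it runs the PTR lookup and the forward confirmation separately so you can see which step makes the result fall back to the IP. The class and method names are hypothetical, the sample records use constructed documentation-range addresses, and it assumes Java 8 or later and IPv4 input.

```java
import java.net.InetAddress;
import java.util.*;
import java.util.function.Function;
import javax.naming.directory.*;

public class ReverseLookupCheck {   // hypothetical name, not a JDK or Tomcat class
    /** Step 1 (PTR lookup), then step 2 (forward confirmation); returns the IP if either fails. */
    static String confirmedHostName(String ip, Function<String, String> reverse,
                                    Function<String, List<String>> forward) {
        String name = reverse.apply(ip);
        if (name == null) return ip;                          // step 1 found no PTR record
        List<String> addrs = forward.apply(name);
        if (addrs == null || !addrs.contains(ip)) return ip;  // step 2: name does not map back
        return name;
    }

    /** Live step 1, IPv4 only: PTR query through the JDK's JNDI DNS provider. */
    static String ptr(String ip) {
        try {
            String[] o = ip.split("\\.");
            String q = o[3] + "." + o[2] + "." + o[1] + "." + o[0] + ".in-addr.arpa";
            Hashtable<String, String> env = new Hashtable<>();
            env.put("java.naming.factory.initial", "com.sun.jndi.dns.DnsContextFactory");
            Attribute a = new InitialDirContext(env).getAttributes(q, new String[] {"PTR"}).get("PTR");
            return a == null ? null : a.get().toString().replaceAll("\\.$", "");
        } catch (Exception e) { return null; }                // malformed input or lookup failure
    }

    /** Live step 2: forward lookup through the normal resolver (hosts file, DNS). */
    static List<String> fwd(String name) {
        try {
            List<String> out = new ArrayList<>();
            for (InetAddress a : InetAddress.getAllByName(name)) out.add(a.getHostAddress());
            return out;
        } catch (Exception e) { return null; }                // name does not resolve
    }

    public static void main(String[] args) throws Exception {
        // Constructed records: the PTR exists, but the name resolves to a different address.
        Map<String, String> ptrs = Collections.singletonMap("192.0.2.10", "client.example.test");
        Map<String, List<String>> fwds = Collections.singletonMap("client.example.test", Collections.singletonList("192.0.2.99"));
        System.out.println("constructed: " + confirmedHostName("192.0.2.10", ptrs::get, fwds::get));
        if (args.length == 1) {                               // live run: pass an IPv4 address
            String name = ptr(args[0]);
            System.out.println("PTR:         " + name);
            System.out.println("forward:     " + (name == null ? null : fwd(name)));
            System.out.println("confirmed:   " + confirmedHostName(args[0], ReverseLookupCheck::ptr, ReverseLookupCheck::fwd));
            System.out.println("JDK result:  " + InetAddress.getByName(args[0]).getHostName());
        }
    }
}
```

If the live run prints a PTR name but the forward list is null or lacks the queried address, the forward confirmation is the step that fails, and the fix belongs in the DNS or hosts configuration of the box rather than in Tomcat.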
