www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: config/2632: access.conf "allow from" erratic in domain name reverse lookups
Date Thu, 16 Jul 1998 00:40:00 GMT
The following reply was made to PR config/2632; it has been noted by GNATS.

From: Marc Slemko <marcs@znep.com>
To: Whit Blauvelt <whit@transpect.com>
Cc: apbugs@apache.org
Subject: Re: config/2632: access.conf "allow from" erratic in domain name reverse lookups
Date: Wed, 15 Jul 1998 17:35:01 -0700 (PDT)

 On Wed, 15 Jul 1998, Whit Blauvelt wrote:
 
 >  Marc, 
 > 
 >  This could be it then. Although it wouldn't explain why it works
 >  sometimes. The IP is 208.203.240.9, and a lookup on that from anywhere
 >  should produce gtwy1.fftw.com; however going backwards from the name to
 >  the IP does not work (at least from public space). So you're saying that
 >  Apache sees the IP, looks up the name, but then won't trust the name
 >  unless it can then translate it back? This does make sense for security -
 >  in which case the bug to trace would be that sometimes the get request is
 >  accepted anyway.
 
 There are two reverse DNS servers listed for 208.203.240 in the outside
 world:
 
 240.203.208.in-addr.arpa.       21600   NS      BOND.FFTW.COM.
 240.203.208.in-addr.arpa.       21600   NS      AUTH02.NS.UU.NET.
 
 However, auth02 claims to know nothing about that zone while bond.fftw.com
 does give a reverse lookup.  This could cause what you are seeing.
 
 > 
 >  Whit
 > 
 >  > Apache does both forward and reverse lookups.  It has to be able to
 >  lookup
 >  > the name associated with the IP address, and the IP address associated
 >  > with the name that it gets.
 >  
 > 
 > 
 >  \/\/ I-I I T 
 >  Blauvelt
 >  whit@transpect.com
 > 
 > 
 
 
 

Mime
View raw message