Re^3: Reliable FQDN from IP

With /etc/nsswitch.conf set to local followed by bind the query is likely to resolve from /etc/hosts first which cannot be relied upon to be accurate.

Theoretically correct. But have a look at your /etc/hosts: In any environment with a working DNS setup, you should find no other record than localhost 127.0.0.1 and perhaps localhost ::1. So, for any other IP address, DNS is queried. If you fear that someone manipulates /etc/hosts, you fear that someone gains root privileges on that machine. Why do you run code on a machine you can not trust?

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

Comment on Re^3: Reliable FQDN from IP Select or Download Code

Replies are listed 'Best First'.
Re^4: Reliable FQDN from IP (trust?) by tye (Sage) on Nov 09, 2012 at 15:20 UTC
Why do you run code on a machine you can not trust? Why do you write code that can run correctly on a machine that you cannot trust? Clearly, nobody should ever write code that might be run on a machine where somebody else has root access. :) - tye	[reply]
Re^4: Reliable FQDN from IP by agentorange (Sexton) on Nov 09, 2012 at 14:37 UTC
Not true I'm afraid. At a minimum most machines will have their primary interface and the hostname of its other interfaces within /etc/hosts. Whilst you shouldn't underestimate the benefit of considering things that shouldn't happen in your environment, ie. access to root, that is not the reason for wanting to ensure we solely query DNS in this instance. DNS is my single source of truth and I do not wish to work with assumptions in order for my code to work. Additionally it'll run across 100K+ hosts therefore you have to work with the lowest common denominator to ensure your code is portable across that number of hosts. Hence why: Perl 5.8.8 Core modules and force DNS lookup. This isn't really a Perl discussion now though.	[reply]
Re^5: Reliable FQDN from IP by afoken (Chancellor) on Nov 10, 2012 at 18:52 UTC
DNS is my single source of truth and I do not wish to work with assumptions in order for my code to work. How can you be sure that DNS requests send / DNS responses received by your script or an underlying library are not manipulated? Perl 5.8.8 Core modules and force DNS lookup. It seems the core modules of 5.8.8 are not sufficient to solve your problem, because there seems to be no interface to configure the DNS resolving functions. So you need to include code to resolve from Perl. Net::DNS can do that. It contains some XS code, but using XS is optional. The same is true for some Win32 specific dependancies. Read the Makefile.PL in Net::DNS for details. Include Net::DNS in your code, and you have complete control over name resolution. This isn't really a Perl discussion now though. Who cares? I still do not understand why you think that you need to resolve only using the DNS. What is your actual problem you want so solve? Alexander -- Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)	[reply]
Re^6: Reliable FQDN from IP (spec) by tye (Sage) on Nov 10, 2012 at 22:51 UTC
He needs a script that can run on systems where he knows they will be configured to query DNS that would return reasonable FQDNs (where "fully qualified" is important) and where people using those systems might have good reason to set up short aliases in their /etc/hosts files for their own purposes. And now he has code for such a script that will get the fully qualified domain names he needs. - tye	[reply]