Short hostnames in URLs

Thiago Macieira thiagom at wanadoo.fr
Thu Aug 8 12:07:50 BST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cristian Tibirna wrote:
>Bind offers the cool feature of being able to list all records on a name
>server.
>
>$ nslookup
>
>> server <nameserver>.<domain>
>> ls -d <domain>
>
>I wonder if the bind libs/tools would allow to do this from code.

Yes, they would. What you're referring to is a simple Authority Transfer query 
(AXFR). If you want to test it, try this:

$ dig <domain> AXFR @<nameserver>.<domain>

It should list all records in that domain, starting and ending with the SOA 
(Start Of Authority).

>Problem is, AFAICT, this feature isn't well supported by all servers, and
>especially not by the wonderful windows2000 ones.

That's not the point. All DNS servers must support this call, since it's the 
standard way for secondary nameservers to obtain their records from the 
primary nameserver. (i.e., you set up your secondary and run named, it'll 
dispatch an AXFR to the primary and obtain the listing).

However, the behaviour you're referring to -- not all nameservers honour this 
request -- is because the DNS Admin took preventive measures. Normally, no 
one else but the secondary nameservers needs to do AXFR. So you can just 
block and ignore such requests from anyone else. In BIND, you'd add to your 
zone (in named.conf):
	allow-transfer { secondary-ip; secondary-ip; };

>With this information, we would be able to automatically build a cache, and
>probably update it once in a while (in the background).

You're asking us to maintain a cache of all domains searched. It wouldn't make 
sense to maintain such a cache at application-level. So, what you're really 
asking is to maintain a cache of the Internet. From my point of view, it's 
not feasible.

Now, AXFR queries are more sensitive than normal ones. First of all, as I said 
before, they could be simply ignored, which would mean timeout. And secondly, 
AXFR responses are large (more than 512 bytes), so they are usually 
transferred via TCP instead of UDP.

And mind you, what would happen if the code decided to transfer the whole of 
.com?

The solution to this is asynchronous DNS lookup, if at all. QDns honours 
/etc/hosts, but it doesn't honour /etc/nsswitch.conf, which means it won't 
try nis and nisplus lookups before trying DNS -- or anything else configured 
in nsswitch.conf, for that matter. I've been investigating how to do that for 
the past few days, and the only asynchronous lookup method in glibc is 
getaddrinfo_a. Short of that, only threading would work.

- -- 
  Thiago Macieira - UFOT Registry number: 1001
 thiagom at mail.com
   ICQ UIN: 1967141  PGP/GPG: 0x6EF45358
     Registered Linux user #65028
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9UlEGM/XwBW70U1gRAohLAJ4xOcrXXx3smzyvlha2tTfYqfD2PwCgsQpF
rVooDrDsOuAzS+jXAj7/whQ=
=02i/
-----END PGP SIGNATURE-----
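As an added example (not code from the original post, nor from KDE or QDns), the following Python script shows the two AXFR points made above in working form: the query is framed for TCP with the 2-byte length prefix, the reply stream is parsed until the closing SOA, and a REFUSED answer (what a server restricted with allow-transfer returns to anyone but its secondaries) is recognised instead of waiting for a timeout. It goes slightly beyond the post in that it handles a transfer split across several DNS messages, which servers are allowed to do. The zone example.test, its records and the response bytes are constructed here for the example, so nothing touches the network; the function axfr_over_tcp is the live variant and is not exercised.

```python
"""Added example: AXFR query framing, zone-transfer parsing and SOA bracketing check.
The sample zone (example.test) and response bytes are constructed inline."""
import socket
import struct

TYPE_A, TYPE_NS, TYPE_SOA, TYPE_AXFR = 1, 2, 6, 252
CLASS_IN = 1
RCODE_REFUSED = 5


def encode_name(name):
    """Wire-format a dotted name as uncompressed labels plus the root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(msg, off):
    """Read a name at msg[off], following compression pointers; return (name, next_off)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def build_axfr_query(zone, txid=0x1234):
    """AXFR question, framed for TCP with the 2-byte length prefix (RFC 1035 4.2.2)."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)   # flags 0: plain query, qdcount 1
    msg = header + encode_name(zone) + struct.pack("!HH", TYPE_AXFR, CLASS_IN)
    return struct.pack("!H", len(msg)) + msg


def build_response(zone, rcode, records, txid=0x1234):
    """Constructed reply for testing: one TCP frame carrying `records` in the answer section."""
    flags = 0x8400 | rcode                                  # QR=1, AA=1, rcode in low 4 bits
    msg = struct.pack("!HHHHHH", txid, flags, 1, len(records), 0, 0)
    msg += encode_name(zone) + struct.pack("!HH", TYPE_AXFR, CLASS_IN)
    for name, rtype, rdata in records:
        msg += encode_name(name) + struct.pack("!HHIH", rtype, CLASS_IN, 3600, len(rdata)) + rdata
    return struct.pack("!H", len(msg)) + msg


def parse_frame(msg):
    """Parse one DNS message (prefix already stripped); return (rcode, [(name, type, rdata)])."""
    _txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = decode_name(msg, off)
        off += 4                                            # qtype + qclass
    records = []
    for _ in range(an + ns + ar):
        name, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        records.append((name, rtype, msg[off:off + rdlen]))
        off += rdlen
    return flags & 0x0F, records


def transfer_ok(records):
    """A complete zone is bracketed by the SOA; anything else is partial or bogus."""
    return len(records) >= 2 and records[0][1] == TYPE_SOA and records[-1][1] == TYPE_SOA


def parse_transfer(stream):
    """Consume length-prefixed frames from a TCP byte stream until the closing SOA or an error rcode.
    A trailing partial frame is left for the caller to complete by reading more."""
    records, off = [], 0
    while off + 2 <= len(stream):
        (length,) = struct.unpack("!H", stream[off:off + 2])
        if off + 2 + length > len(stream):
            break
        rcode, recs = parse_frame(stream[off + 2:off + 2 + length])
        off += 2 + length
        if rcode != 0:
            return rcode, records                           # e.g. REFUSED: server blocks transfers
        records.extend(recs)
        if transfer_ok(records):
            break
    return 0, records


def axfr_over_tcp(server, zone, port=53, timeout=10):
    """Live variant (not exercised here): send the query over TCP and read the whole stream."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(build_axfr_query(zone))
        stream = b""
        while True:
            chunk = s.recv(65535)
            if not chunk:
                break
            stream += chunk
            rcode, records = parse_transfer(stream)
            if rcode != 0 or transfer_ok(records):
                return rcode, records
    return parse_transfer(stream)


# Constructed sample: a permitted transfer of the hypothetical zone example.test
ZONE = "example.test."
SOA_RDATA = (encode_name("ns1.example.test.") + encode_name("hostmaster.example.test.")
             + struct.pack("!IIIII", 2002080801, 7200, 900, 1209600, 3600))
SAMPLE_RECORDS = [
    (ZONE, TYPE_SOA, SOA_RDATA),
    (ZONE, TYPE_NS, encode_name("ns1.example.test.")),
    ("ns1.example.test.", TYPE_A, bytes([192, 0, 2, 1])),
    ("www.example.test.", TYPE_A, bytes([192, 0, 2, 10])),
    (ZONE, TYPE_SOA, SOA_RDATA),
]
# Delivered in two TCP frames, as a server may do for a large zone
PERMITTED_STREAM = build_response(ZONE, 0, SAMPLE_RECORDS[:3]) + build_response(ZONE, 0, SAMPLE_RECORDS[3:])
# What a server with allow-transfer limited to its secondaries answers everyone else
REFUSED_STREAM = build_response(ZONE, RCODE_REFUSED, [])
```

The SOA check at the end matters in practice: a transfer that arrives without its closing SOA (connection dropped, or a server that answers with a single SOA and nothing else) must not be mistaken for a complete listing of the zone.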

More information about the kde-core-devel mailing list