% > >even if you do this the end system identifier needs to be globally
% > >scoped, and you need to be able to use the end system identifier
% > >from anywhere in the net, as a means to reach that end system.
% >
% > DNS is a bright and successful example of such a deal.
%
% actually, DNS is slow, unreliable, and often out of sync with reality.
%
% DNS reverse lookup tables (PTR) are not as well maintained as forward
% lookup tables (A) so they're even less reliable.

This is an assertion that I've heard over the years
and I've come to believe (based on regular audits of
the in-addr space) that this is an Internet equivalent
of an urban legend. I'd really like to see your backing
data on this.

This is hardly an urban legend. Columbia University requires the
use of tcpwrappers in Paranoid mode which requires that the forward
and reverse lookups for an IP address in DNS match. The Kermit
Project is based at Columbia University and uses its systems for
our FTP and HTTP access. A week does not go by when we do not
get complaints about people being unable to access our FTP server
due to a failure of the forward and reverse to match.

Just from the first 8 hours of logs today:

proxauth3-bb2.globalintranet.net != 212.234.59.254
hide193.nhs.uk != 195.107.47.193
marta-c-gw.caravan.ru != 212.24.53.234
su9127.eclipse.co.uk != 212.104.136.138

Granted this is hardly a scientific study. But we see this from
approximately a dozen new addresses every day.

Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html *
kermit-support(_at_)kermit-project(_dot_)org
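
The forward/reverse match described in the message above, sketched as an added example (this is not tcpwrappers code and not part of the original thread). The zone data and the names `paranoid_check` and `check_sample` are constructed for illustration; the mismatch text mirrors the `name != address` form of the log lines quoted above.

```python
import socket


def reverse_names(ip):
    """PTR lookup: every name the reverse zone returns for ip."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # herror/gaierror: no PTR or resolver failure
        return []
    return [name, *aliases]


def forward_addrs(name):
    """A lookup: every IPv4 address the forward zone returns for name."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def paranoid_check(ip, reverse=reverse_names, forward=forward_addrs):
    """Return (ok, detail); ok only if some PTR name resolves back to ip."""
    names = reverse(ip)
    if not names:
        return False, "no PTR record"
    for name in names:
        if ip in forward(name):
            return True, name
    # PTR exists but no forward record confirms it: refuse, as in the logs.
    return False, f"{names[0]} != {ip}"


# Constructed zone data (documentation address range, example.net names).
PTR = {"192.0.2.10": ["ftp-client.example.net"],
       "192.0.2.20": ["gw.example.net"]}
A = {"ftp-client.example.net": ["192.0.2.10"],
     "gw.example.net": ["192.0.2.99"]}  # stale A record, out of sync with PTR


def check_sample(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return paranoid_check(ip, lambda i: PTR.get(i, []), lambda n: A.get(n, []))


if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(addr, check_sample(addr))
```

Calling `paranoid_check(ip)` with the default resolvers performs the same comparison against live DNS.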