...... Original Message .......
On Thu, 31 Mar 2005 17:44:12 -0500 <rg(_at_)mdpd(_dot_)com> wrote:
I hope I'm not speaking out-of-turn and I do realize that a lot of effort
has been expended on this project thus far...
But, since I am not so familiar with this problem and I believe I may be
able to provide a fresh perspective... Here is my question on the DNS topic:
Why are so many DNS requests necessary at all?
It seems to me that any system that needs IP verification via DNS should
do so for only the one IP that it needs to verify. Simplified: reverse the
verification role and have the DNS (server) zone verify the requested IP
and then reply with a pass or fail type token (or it can return the IP
itself or no IP if that IP fails.)
This approach seems more efficient and certainly more secure (since no
information more than that which is already known is revealed.)
If I am not seeing the big picture, someone please direct me to that
picture (or link.) Again, I am not well versed on this problem, I hope that
has been made clear, but I do wish to help it along (if at all possible.)
This can be done using the exists mechanism, but not easily with standard
DNS programs. This is not for everyone...
Scott Kitterman
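The following is an added illustration, not code from either poster, of how SPF's exists mechanism does what the question asks for: the receiver expands a macro in the published record into one DNS name built from the connecting IP and asks only whether that name has an A record. The sample zone, the record `v=spf1 exists:%{ir}._spf.example.com -all`, and the IP addresses are constructed; the evaluator handles only the exists and all terms and the macro letters i, d, s, l, o and v with the default "." delimiter (a simplification of RFC 7208, not a complete SPF implementation).

```python
"""Single-query sender check with SPF's exists mechanism (added example).

Publisher side: one A record per permitted sending IP, under a name that the
macro %{ir} (connecting IP, labels reversed) expands to.
Receiver side: expand the macro for the one IP it is verifying and ask for
that single name.  Any A record = match; NXDOMAIN = no match, and the miss
reveals nothing about which other IPs would have matched.
"""
import ipaddress
import re

# Constructed sample zone for example.com: only these names "exist".
SAMPLE_ZONE = {
    "1.0.168.192._spf.example.com": "127.0.0.2",   # allows 192.168.0.1
    "25.0.168.192._spf.example.com": "127.0.0.2",  # allows 192.168.0.25
}

# Macro syntax %{<letter><optional digits><optional r>}.  Assumption: the
# delimiter is always "." (RFC 7208 also allows custom delimiter characters).
MACRO_RE = re.compile(r"%\{([a-zA-Z])(\d*)(r?)\}")


def macro_value(letter, ip, domain, sender):
    """Raw value for one macro letter (subset of the RFC 7208 macro table)."""
    addr = ipaddress.ip_address(ip)
    if letter == "i":
        if addr.version == 4:
            return str(addr)
        return ".".join(addr.exploded.replace(":", ""))  # IPv6: dotted nibbles
    if letter == "d":
        return domain
    if letter == "s":
        return sender
    if letter == "l":
        return sender.rpartition("@")[0] or "postmaster"
    if letter == "o":
        return sender.rpartition("@")[2]
    if letter == "v":
        return "in-addr" if addr.version == 4 else "ip6"
    raise ValueError(f"unsupported macro letter: {letter}")


def expand_macros(spec, ip, domain, sender):
    """Expand every %{...} in spec, applying the digit and 'r' transformers."""
    def repl(m):
        letter, digits, rev = m.group(1).lower(), m.group(2), m.group(3)
        labels = macro_value(letter, ip, domain, sender).split(".")
        if rev:
            labels.reverse()          # 'r' transformer: reverse label order
        if digits:
            labels = labels[-int(digits):]  # keep the rightmost N labels
        return ".".join(labels)
    return MACRO_RE.sub(repl, spec)


def query_name(ip, domain="example.com"):
    """The single DNS name the receiver asks about for one connecting IP."""
    return expand_macros("%{ir}._spf." + domain, ip, domain, "postmaster@" + domain)


def check_spf(record, ip, domain, sender, zone):
    """Evaluate a record made of exists: and all terms against a zone dict.

    Returns "pass", "fail", "softfail" or "neutral" from the matching term's
    qualifier.  Other mechanisms (a, mx, ip4, ip6, include, redirect) and the
    per-record DNS lookup limit are deliberately not implemented here.
    """
    qualifiers = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in qualifiers:
            qualifier, term = term[0], term[1:]
        if term.lower() == "all":
            return qualifiers[qualifier]
        if term.lower().startswith("exists:"):
            name = expand_macros(term[len("exists:"):], ip, domain, sender)
            if name.lower() in zone:      # one A query: does the name exist?
                return qualifiers[qualifier]
            continue
        raise ValueError(f"unsupported term: {term}")
    return "neutral"  # record exhausted without a match


RECORD = "v=spf1 exists:%{ir}._spf.example.com -all"

if __name__ == "__main__":
    for ip in ("192.168.0.1", "192.168.0.2"):
        result = check_spf(RECORD, ip, "example.com", "user@example.com", SAMPLE_ZONE)
        print(f"{ip:<12} -> {query_name(ip):<32} {result}")
```

Two practical caveats when publishing a record like this: the receiver still performs a DNS query per exists term, and each one counts toward the limit of ten DNS-querying terms that RFC 7208 imposes on a record, so the design trades a small, predictable query count for the need to maintain one zone entry per permitted IP.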