Darren Reed wrote:
| Your lack of trust in DNS replies is well founded, but it may well be
| useful for you to know who is trying to spoof DNS records if you do an
| IP#->name lookup (from a DNS server) and get a 'local' machine name
| which has a different IP# to that which you're doing a lookup on.
|
| In this area, I think it is DNS libraries which are a bit on the deficient
| side; it would be nice to be able to set a preference of /etc/hosts or
| a DNS server for each lookup AND also know from which the answer came.
|
| Then at least you can depend on local mappings (from /etc/hosts) and start
| asking questions when you see a clash.
In a similar vein, I've a (yet another) version of libresolv which allows
one to choose any order of `/etc/hosts' `DNS-internal' `DNS-global' and `NIS'
which works well for `gethostby...' but has slight problems for direct res_
calls (you get whichever last succeeded of `DNS-(in|ex)ternal' which is
usually appropriate, but...)
This lives in libc on the gateway to which my users log on to access the
Internet.
It doesn't address the `where did I get this info from?' question, but could
easily --- I haven't felt the need yet.
If there is sufficient interest I could make a file available for FTP
(sufficient > 4)
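
The lookup order, the "where did this answer come from" report, and the clash check discussed in this thread, as an added sketch; it is not code from either poster or from any libresolv. The hosts entries and DNS PTR answers are constructed sample data, and the function names are hypothetical.

```python
# Added illustration: reverse lookup over an ordered list of sources that
# reports which source answered, plus the clash check from the thread.
# All data is constructed; no network access is performed.

HOSTS_TEXT = """\
# constructed /etc/hosts content
192.0.2.10   gw.example.internal gw
192.0.2.20   build.example.internal
"""

# Constructed PTR answers standing in for a DNS server (addr -> name).
DNS_PTR = {
    "192.0.2.20": "build.example.internal",
    "203.0.113.7": "gw.example.internal",  # outside address claiming a local name
}

def parse_hosts(text):
    """Return {name: addr} for every name and alias in hosts-file text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                table.setdefault(name.lower(), fields[0])
    return table

def name_for_addr(addr, order, hosts, dns_ptr):
    """Try each source in `order`; return (name, source) or (None, None)."""
    for source in order:
        if source == "hosts":
            names = [n for n, a in hosts.items() if a == addr]
            if names:
                return names[0], "hosts"
        elif source == "dns" and addr in dns_ptr:
            return dns_ptr[addr].lower(), "dns"
    return None, None

def check_peer(addr, order=("hosts", "dns")):
    """Return (verdict, name, source); verdict is 'ok', 'clash' or 'unknown'."""
    hosts = parse_hosts(HOSTS_TEXT)
    name, source = name_for_addr(addr, order, hosts, DNS_PTR)
    if name is None:
        return "unknown", None, None
    local = hosts.get(name)
    # Clash: DNS returned a name that the local table maps to another address.
    if source == "dns" and local is not None and local != addr:
        return "clash", name, source
    return "ok", name, source
```
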