General DNS questions

Brad Knowles brad.knowles at skynet.be
Mon May 21 23:15:00 UTC 2001


At 6:14 PM -0400 5/21/01, Kevin Darcy wrote:

>>  How wide is the usage of such hosts in the real world?
>
>  You mean, hosts whose system resolvers allow toggling of
>  recursive-versus-non-recursive? I would say "very low usage", since I'm
>  not aware of any OS that implements this.

	IIRC, Apple does this.  They couldn't be bothered to implement a 
full nameserver on Macintosh, but they didn't want to be stuck with a 
non-recursive resolver, so they struck off on their own separate 
totally bizarre route and decided to create a recursive resolver. 
Indeed, IIRC the early versions would actually "cache" the data they 
looked up in a local HOSTS.TXT file, so that they would never again 
have to go looking for that information.

	And I have given Garry Hornbuckle *NO* end of grief over this 
bizarre situation which continues to this very day.  Well, at least 
they stopped completely and totally violating virtually every RFC in 
existence by caching things in a local HOSTS.TXT file.


	However, you *CAN* still create a local HOSTS file (they finally 
dropped the ".TXT" ending, and indeed you can call it anything you 
want, so long as you identify it to the OS as a "HOSTS file"), and 
that local HOSTS file will completely override anything you may 
happen to want to look up in the DNS.

	Indeed, the way that most people on Macintosh are getting around 
the stupid issue of Gracenote and the CDDB suddenly taking all their 
hard-earned data that they have laboriously entered into the system 
and going private (and commercial) with that data, is by having a 
local HOSTS file that points the name "cddb.cddb.com" and 
"cddb.cddb.org" and "cddb.cddb.net" over to "freedb.org" instead.

	A simple, nearly trivial, virus could easily create such a HOSTS 
file and identify it as such to the OS, and redirect traffic for any 
site in the world to any place they want....  Imagine www.disney.com 
being redirected to a website that traffics in kiddie-porn.


	Thank $DEITY that MacOS X should actually have both a proper 
resolver and a proper nameserver, built-in.

-- 
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
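
An added example, not part of the original post: a small audit that flags hosts-file entries overriding names that would normally be resolved through DNS, which is the redirection risk the message describes. It assumes the Unix-style `address name...` line format rather than the Mac OS HOSTS format (not shown in the post); the function names, the `approved` allowlist and the sample data are constructed for illustration.

```python
import ipaddress

# Names a hosts file normally defines for the machine itself (assumed baseline).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (lineno, address, names) for each entry of hosts-style text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            yield lineno, None, fields             # malformed: report, never skip
            continue
        # Names are case-insensitive and may carry a trailing root dot.
        yield lineno, addr, [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text, approved=()):
    """Return (lineno, kind, detail) for every entry that overrides a DNS name."""
    approved = {n.lower() for n in approved}
    findings = []
    for lineno, addr, names in parse_hosts(text):
        if addr is None:
            findings.append((lineno, "malformed", " ".join(names)))
            continue
        for name in names:
            # Assumption: single-label names are local shortcuts, not DNS names.
            if name in LOCAL_NAMES or name in approved or "." not in name:
                continue
            local = addr.is_loopback or addr.is_unspecified
            kind = "sinkhole" if local else "redirect"
            findings.append((lineno, kind, f"{name} -> {addr}"))
    return findings

# Constructed sample input (documentation addresses and example domains only).
SAMPLE = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
192.0.2.10  build01 build01.corp.example   # approved internal name
0.0.0.0     ads.example.net
203.0.113.7 www.example.com WWW.Example.ORG.
not-an-ip   www.example.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE, approved=["build01.corp.example"]):
        print(finding)
```

Run against a known-good baseline, any new `redirect` finding is worth investigating, since such an entry takes effect without any change on the DNS side.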

