Re: [sitefinder-tech-discuss] Pseudo code please

[Bruce Campbell <bruce.campbell@ripe.net>]

On Wed, 22 Oct 2003, Andrew Newton wrote:

> Kee Hinckley wrote:
> >
> > Given a hostname provided by a user (e.g. foo.example.com), how do I
> > determine that the result I get back when I lookup the A record
> > corresponds to something provided by example.com rather than something
> > generated by Verisign?
>
> Using the previous answer, you can check for a delegation in com for
> example.com.

Possible in applications that do DNS queries directly, not possible
without another query in applications that rely on resolver libraries.

> It is also possible to compare the results of *.com to the
> results of example.com.

Another query, plus, its an ugly hack.

Many implementations of such a hack will assume that the wildcard will
have only one 'A' record, and will break if multiple 'A' records need to
be put in the wildcard.

Some implementations will hard code the wildcard IP address used at the
time the implementor's, and will break if the address need to be changed.

So far, these are problems in the patching of applications, and thus
breakage in them wouldn't be directly attributable to Verisign (well,
indirectly yes, but the Verisign stance is 'its your problem if you cannot
adhere to dns standards).

All implementations will be unable to detect the usage of synthesis other
than the wildcard, as Verisign attempted to do last year, and will thus
will break if another synthesis method is used.

I don't think that querying for '*.whatever' is sufficently futureproof.

--==--
Bruce.

----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.elistx.com/unsubscribe>