PerlMonks  

Re: Reliable FQDN from IP

by Rhandom (Curate)
on Nov 08, 2012 at 15:25 UTC ( [id://1002924]=note )


in reply to Reliable FQDN from IP

require Socket; # very much core perl
my $_host = gethostbyaddr(Socket::inet_aton($ip), Socket::AF_INET());
my @a=qw(random brilliant braindead); print $a[rand(@a)];

Replies are listed 'Best First'.
Re^2: Reliable FQDN from IP
by agentorange (Sexton) on Nov 08, 2012 at 15:45 UTC
    I'd already looked into using the following which I think I'm right in saying is fundamentally the same as your code snippet suggestion (unless of course yours forces BIND in which case perfect!):
    $hostname = gethostbyaddr( inet_aton($ip), AF_INET );
    But unfortunately gethostbyaddr by design searches the sources listed in /etc/nsswitch.conf or similar.

    For me this is undesirable as my single source of truth for the FQDN is not the client but DNS. With /etc/nsswitch.conf set to local followed by bind the query is likely to resolve from /etc/hosts first which cannot be relied upon to be accurate.
      With /etc/nsswitch.conf set to local followed by bind the query is likely to resolve from /etc/hosts first which cannot be relied upon to be accurate.

      Theoretically correct. But have a look at your /etc/hosts: In any environment with a working DNS setup, you should find no other record than localhost 127.0.0.1 and perhaps localhost ::1. So, for any other IP address, DNS is queried. If you fear that someone manipulates /etc/hosts, you fear that someone gains root privileges on that machine. Why do you run code on a machine you can not trust?

      Alexander

      --
      Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
        Why do you run code on a machine you can not trust?

        Why do you write code that can run correctly on a machine that you cannot trust? Clearly, nobody should ever write code that might be run on a machine where somebody else has root access. :)

        - tye        

        Not true I'm afraid. At a minimum most machines will have their primary interface and the hostname of its other interfaces within /etc/hosts.

        Whilst you shouldn't underestimate the benefit of considering things that shouldn't happen in your environment, i.e. access to root, that is not the reason for wanting to ensure we solely query DNS in this instance. DNS is my single source of truth and I do not wish to work with assumptions in order for my code to work.

        Additionally, it'll run across 100K+ hosts; therefore you have to work with the lowest common denominator to ensure your code is portable across that number of hosts.

        Hence why:

        Perl 5.8.8
        Core modules
        and force DNS lookup.

        This isn't really a Perl discussion now though.
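
Added example, not posted by anyone in this thread: one way to meet the constraints listed above (Perl 5.8.8, core modules only, DNS as the only source) is to send the PTR query straight to a DNS server over UDP instead of calling gethostbyaddr. The sub names, the 3-second timeout and the IP / DNS-server command-line arguments are choices made for this example.

```perl
use strict; use warnings; use IO::Socket::INET;    # all core in a stock Perl 5.8.8
# PTR question for an IPv4 address: RD set, QDCOUNT=1, QTYPE=12 (PTR), QCLASS=1 (IN).
sub build_ptr_query {
    my ($ip, $id) = @_;
    my $qname = join '', map { chr(length $_) . $_ } reverse(split /\./, $ip), 'in-addr', 'arpa';
    return pack('n6', $id, 0x0100, 1, 0, 0, 0) . "$qname\0" . pack('n2', 12, 1);
}
# Decode a possibly compressed name at $off; returns (name, offset just past it).
sub read_name {
    my ($msg, $off) = @_; my (@labels, $end);
    for (1 .. 128) {                       # hop bound stops compression-pointer loops
        my $len = $off < length($msg) ? ord substr($msg, $off, 1) : die "truncated name\n";
        return (join('.', @labels), $end || $off + 1) unless $len;
        if ($len < 0x40) { push @labels, substr($msg, $off + 1, $len); $off += 1 + $len; next }
        die "bad label or truncated pointer\n" if $len < 0xC0 || $off + 2 > length $msg;
        $end ||= $off + 2;                 # the caller resumes after the first pointer
        $off = unpack('n', substr($msg, $off, 2)) & 0x3FFF;
    }
    die "pointer loop in name\n";
}
# Check a reply against the ID we sent; return its PTR targets (empty list on NXDOMAIN).
sub parse_ptr_response {
    my ($msg, $id) = @_;
    die "short reply\n" if length($msg) < 12;
    my ($rid, $flags, $qd, $an) = unpack('n4', $msg);
    my $rcode = $flags & 0xF;              # 0 = no error, 3 = NXDOMAIN
    die "wrong ID, not a reply, or truncated (TC)\n" if $rid != $id || ($flags & 0x8200) != 0x8000;
    die "server returned rcode $rcode\n" if $rcode && $rcode != 3;
    my ($off, @names) = (12);
    for my $rr (1 .. $qd + $an) {
        (undef, $off) = read_name($msg, $off);
        $off += 4, next if $rr <= $qd;     # question entry: skip QTYPE and QCLASS
        die "truncated record\n" if $off + 10 > length $msg;
        my ($type, $class, $ttl, $rdlen) = unpack('n n N n', substr($msg, $off, 10));
        push @names, (read_name($msg, $off + 10))[0] if $type == 12 && $class == 1;
        $off += 10 + $rdlen;
    }
    return @names;
}
# Ask $server directly over UDP, so nsswitch.conf and /etc/hosts are never consulted.
sub dns_ptr {
    my ($ip, $server) = @_; my $id = int rand 65536;
    my $sock = IO::Socket::INET->new(PeerAddr => "$server:53", Proto => 'udp') or die "socket: $@\n";
    $sock->send(build_ptr_query($ip, $id)) or die "send: $!\n";
    my $rin = ''; vec($rin, fileno($sock), 1) = 1;
    select($rin, undef, undef, 3) > 0 or die "no reply within 3 seconds\n";
    defined($sock->recv(my $msg, 512)) or die "recv: $!\n";
    return parse_ptr_response($msg, $id);
}
print join(', ', dns_ptr(@ARGV)), "\n" if @ARGV == 2;    # usage: perl ptr.pl IP DNS-SERVER-IP
```

The transaction ID comes from rand(), which is predictable, so the ID check catches stray or stale replies rather than a deliberate forgery.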
