DNS was [Gllug] IPSec

Robert McKay robert at mckay.com
Tue Feb 12 13:10:48 UTC 2002


On Tue, 12 Feb 2002, Richard Cottrill wrote:

> I'm curious; what's a 'large' DNS query? Is that where you store a HUGE
> FQDN, or when you store other stuff in a DNS (like keys for IPSec)? Is it
> only appropriate for lookups or for reverse lookups as well?

Queries can return multiple records. For example the query 'microsoft.com'
yields 5 A records and 3 MX's. If the total size of the records returned was
larger than the maximum UDP datagram size (it only sends one datagram per
response) it would have to resort to using the virtual circuit (TCP)
connection in order to get the results.

DNS reverse lookups do use DNS.. they use the PTR record type and are
normally registered in the in-addr.arpa domain which is a domain like any
other. There's nothing special about this domain other than it is the
domain that the resolver uses for looking up the reverse DNS of an IP.
Nothing is stopping MicroSoft from creating an A record called
www.197.46.207.in-addr.arpa for example, other than the fact that it'd be
a really dumb name. ;)

For instance:

207.46.197.102 is 102.197.46.207.in-addr.arpa. in DNS,

a query for 102.197.46.207.in-addr.arpa returns 4 PTR records (the reverse
DNS).

> set q=ptr
> 102.197.46.207.in-addr.arpa.
Server:  dns1.cp.msft.net
Address:  207.46.138.20

102.197.46.207.in-addr.arpa     name = microsoft.com
102.197.46.207.in-addr.arpa     name = microsoft.net
102.197.46.207.in-addr.arpa     name = www.domestic.microsoft.com
102.197.46.207.in-addr.arpa     name = www.us.microsoft.com

> Apart from name/IP data and IPSec stuff (which initially surprised me) what
> else do people put in DNS? What are the limitations?

Here's a good list of DNS record types and what they do:

http://www.dns.net/dnsrd/rr.html

In particular,

It'd be nice if more people used DNS LOC (location) records:
http://www.ckdhr.com/dns-loc/

Other types of reverse records have been proposed, such as the ENUM
(telephone number) www.ietf.org/rfc/rfc2916.txt record which allows people
to define all sorts of ways that you can connect to a phone number - for
example if your phone is connected to the internet and someone else with
an internet connected phone tries to call you, their phone would look up
the ENUM record for that phone number and it'd be able to find out that it
could just connect directly to your phone over the internet instead of
forking out money to BT to use your landline. ;)


-Robert.


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
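As an added illustration of the two points made in the post above (the PTR owner name is just the address written backwards under in-addr.arpa, and an answer set that will not fit in one UDP datagram must be truncated and fetched again over TCP), here is a self-contained Python example. It is not part of the original message or of any DNS software; it uses only the standard library, builds DNS messages on the wire by hand, and the 192.0.2.x addresses and the 40-record answer set are constructed for the demonstration, not real Microsoft data. The 512-byte ceiling is the classic RFC 1035 limit that applied before EDNS0.

```python
import ipaddress
import struct

# Classic DNS-over-UDP payload ceiling (RFC 1035); EDNS0 lets clients raise it.
UDP_PAYLOAD_LIMIT = 512
# Header flag bits (RFC 1035 section 4.1.1).
FLAG_QR = 0x8000   # message is a response
FLAG_AA = 0x0400   # authoritative answer
FLAG_TC = 0x0200   # truncated: client should retry the question over TCP
TYPE_A, TYPE_PTR, CLASS_IN = 1, 12, 1


def reverse_name(ip: str) -> str:
    """Owner name whose PTR records hold the reverse DNS for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def encode_name(name: str) -> bytes:
    """Wire-format a dotted name as length-prefixed labels plus the root terminator."""
    wire = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        wire += bytes([len(raw)]) + raw
    return wire + b"\x00"


def a_rdata(ip: str) -> bytes:
    return ipaddress.IPv4Address(ip).packed


def ptr_rdata(target: str) -> bytes:
    return encode_name(target)


def build_response(qname: str, qtype: int, answers: list,
                   ttl: int = 3600, msg_id: int = 0x1234) -> bytes:
    """Build an authoritative response for one question; answers are (rtype, rdata).

    If the whole message would exceed the UDP limit, whole RRs are dropped from
    the end and the TC bit is set, which is the signal for the resolver to repeat
    the same question over TCP to get the complete answer set.
    """
    question = encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)
    owner = b"\xc0\x0c"  # compression pointer to the question name at offset 12
    rrs = [owner + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata
           for rtype, rdata in answers]
    flags = FLAG_QR | FLAG_AA
    if 12 + len(question) + sum(len(rr) for rr in rrs) > UDP_PAYLOAD_LIMIT:
        kept, size = [], 12 + len(question)
        for rr in rrs:
            if size + len(rr) > UDP_PAYLOAD_LIMIT:
                break
            kept.append(rr)
            size += len(rr)
        rrs = kept
        flags |= FLAG_TC
    header = struct.pack("!HHHHHH", msg_id, flags, 1, len(rrs), 0, 0)
    return header + question + b"".join(rrs)


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte header; 'truncated' is what a client checks before retrying over TCP."""
    msg_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": msg_id, "truncated": bool(flags & FLAG_TC),
            "qdcount": qd, "ancount": an, "size": len(msg)}


if __name__ == "__main__":
    # The address from the post and its in-addr.arpa owner name.
    print(reverse_name("207.46.197.102"))      # 102.197.46.207.in-addr.arpa.
    print(reverse_name("2001:db8::1"))          # nibble-reversed name under ip6.arpa.

    # Four PTR records as in the post; this easily fits in one datagram.
    ptrs = [(TYPE_PTR, ptr_rdata(n)) for n in
            ("microsoft.com.", "microsoft.net.",
             "www.domestic.microsoft.com.", "www.us.microsoft.com.")]
    print(parse_header(build_response(reverse_name("207.46.197.102"), TYPE_PTR, ptrs)))

    # Constructed: 40 A records, more than a 512-byte datagram can carry.
    many = [(TYPE_A, a_rdata(f"192.0.2.{i}")) for i in range(1, 41)]
    print(parse_header(build_response("microsoft.com.", TYPE_A, many)))
```

Each A RR here costs 16 bytes (2-byte owner pointer, type, class, TTL, RDLENGTH, 4-byte address) on top of the 31 bytes of header and question, so only 30 of the 40 records fit and the response comes back with TC set and ANCOUNT 30; a resolver that ignores TC would silently act on an incomplete answer set, which is why stub resolvers and servers must keep TCP/53 reachable.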