
[IPSECKEY] reverse map usage




Does this text make sense?

===

<section title="Use of reverse (in-addr.arpa) map">
<t>
Often a security gateway will only have access to the IP address to which
communication is desired. It will not know the forward name. As such, it
will frequently be the case that the IP address will be used as an index into
the reverse map. 
</t>

<t>
The lookup is done in the usual fashion as for PTR records. The IP address'
octets (IPv4) or nibbles (IPv6) are reversed and looked up under the .arpa.
zone. Any CNAMEs or DNAMEs found SHOULD be followed.
</t>

<t>
Note: even when the IPsec function is the end-host, often only the application 
will know the forward name used. While the case where the application knows
the forward name is common, the user could easily have typed in a literal IP
address. This storage mechanism does not preclude using the forward name
when it is available, but does not require it.
</t>
</section>

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.
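
The reverse-map lookup described in the proposed text above, sketched as an added example that is not part of the original message or of any IPSECKEY implementation: the address is turned into its reversed-octet or reversed-nibble name under .arpa., and CNAMEs and DNAMEs are followed with a hop limit so an alias loop cannot hang the gateway. The zone contents, the name `rev6.example.net.`, the rdata placeholders and both function names are constructed for illustration, and the in-memory dictionary stands in for real DNS queries.

```python
import ipaddress

def reverse_name(addr):
    """Build the .arpa. owner name: reversed octets (IPv4) or nibbles (IPv6)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        labels, suffix = str(ip).split("."), "in-addr.arpa."
    else:
        # exploded form is 8 groups of 4 hex digits -> 32 nibbles
        labels, suffix = list(ip.exploded.replace(":", "")), "ip6.arpa."
    return ".".join(reversed(labels)) + "." + suffix

# Constructed zone data: (owner name, rrtype) -> rdata. Not real records.
ZONE = {
    # Classless-delegation style alias on the reverse name itself.
    ("10.2.0.192.in-addr.arpa.", "CNAME"): "10.0-25.2.0.192.in-addr.arpa.",
    ("10.0-25.2.0.192.in-addr.arpa.", "IPSECKEY"): "<constructed rdata A>",
    # DNAME redirecting the whole 2001:db8::/32 reverse subtree.
    ("8.b.d.0.1.0.0.2.ip6.arpa.", "DNAME"): "rev6.example.net.",
    ("1." + "0." * 23 + "rev6.example.net.", "IPSECKEY"): "<constructed rdata B>",
}

def lookup_ipseckey(addr, zone=ZONE, max_hops=8):
    """Return (final owner name, rdata or None), following CNAME/DNAME."""
    name = reverse_name(addr)
    for _ in range(max_hops):
        if (name, "IPSECKEY") in zone:
            return name, zone[(name, "IPSECKEY")]
        if (name, "CNAME") in zone:
            name = zone[(name, "CNAME")]
            continue
        # DNAME applies to names below its owner: swap the matching suffix.
        labels = name.split(".")
        for i in range(1, len(labels) - 1):
            owner = ".".join(labels[i:])
            if (owner, "DNAME") in zone:
                name = ".".join(labels[:i]) + "." + zone[(owner, "DNAME")]
                break
        else:
            return name, None  # no record and nothing left to follow
    raise RuntimeError("alias chain too long (possible CNAME/DNAME loop)")

if __name__ == "__main__":
    for a in ("192.0.2.10", "2001:db8::1", "192.0.2.11"):
        print(a, "->", lookup_ipseckey(a))
```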