NetBSD Problem Report #15085
Received: (qmail 4596 invoked from network); 29 Dec 2001 12:41:30 -0000
Message-Id: <200112291242.fBTCgU302349@NetBSD.Jeb-intra.net>
Date: Sat, 29 Dec 2001 13:42:30 +0100 (CET)
From: Jeb@jeb.com.fr
Reply-To: Jeb@jeb.com.fr
To: gnats-bugs@gnats.netbsd.org
Subject: IPMON doesn't look for A after a PTR lookup
X-Send-Pr-Version: 3.95
>Number: 15085
>Category: bin
>Synopsis: IPMON doesn't look for A after a PTR lookup
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: suspended
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sat Dec 29 12:42:01 +0000 2001
>Closed-Date:
>Last-Modified: Sat Dec 29 20:33:31 +0000 2001
>Originator: Jean-Edouard BABIN
>Release: NetBSD 1.5.1
>Organization:
>Environment:
System: NetBSD NetBSD 1.5.2 NetBSD 1.5.2 (NETBSD-1.5.2-JEB) #1: Sat Sep 15 00:40:33 GMT-2 2001 jeb@NetBSD:/usr/src/sys/arch/i386/compile/NETBSD-1.5.2-JEB i386
>Description:
When ipmon is used with -n to resolve IP into DNS, it doesn't check whether this
reverse really exists, so sometimes I get a fake reverse in my ipmon log, so I
can't get the true IP.
I think that ipmon must not do:
IP -> Reverse (PTR) -> Ok > log
but:
IP -> Reverse -> try to resolve Reverse into IP(2) -> IP = IP(2) -> Ok > log
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
From: gabriel rosenkoetter <gr@eclipsed.net>
To: Jeb@jeb.com.fr
Cc: gnats-bugs@gnats.netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: bin/15085: IPMON doesn't look for A after a PTR lookup
Date: Sat, 29 Dec 2001 11:56:09 -0500
On Sat, Dec 29, 2001 at 01:42:30PM +0100, Jeb@jeb.com.fr wrote:
> >Description:
> When ipmon is used with -n to resolve IP into DNS, it doesn't check whether this
> reverse really exists, so sometimes I get a fake reverse in my ipmon log, so I
> can't get the true IP.
> I think that ipmon must not do:
> IP -> Reverse (PTR) -> Ok > log
> but:
> IP -> Reverse -> try to resolve Reverse into IP(2) -> IP = IP(2) -> Ok > log
Hrm. You're getting exactly what you asked for, of course, which is
a resolved host name. The easy solution if you always want to know
what the address was is to simply not use the -n flag. (Imho, ipmon
doing a whois lookup and parsing the output into the logs would be
far more useful than a DNS lookup.)
The resolution routine that you're suggesting is *significantly*
slower (write yourself a test program, try it with some IPs leased
to .kr). Slowing down ipmon's logging is not really something you'd
like to do. Perhaps as a separate option, but I don't think I'm the
only person who'd rather not see this added to the -n flag.
Also, is this maybe something that would be better taken up in the
IPF development forum?
-- 
gabriel rosenkoetter
gr@eclipsed.net
State-Changed-From-To: open->suspended
State-Changed-By: tv
State-Changed-When: Sat Dec 29 12:31:57 PST 2001
State-Changed-Why:
This is a change-request, not a sw-bug.
Suspended for the moment, as paranoid DNS lookups are particularly slow and
prone to causing the logs to stuff up quite a bit. What you're probably looking
for, instead, is a Perl script that does these lookups on a *complete* log,
where the log tracked only IP addresses. (Note that IP addresses tend to be
the most useful data in such a log, not hostnames....)
>Unformatted:
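Added example, not part of the problem report or of ipmon: a post-processing pass over a completed, address-only log that performs the PTR lookup followed by the forward check the submitter describes (IP -> Reverse -> IP(2), IP = IP(2)), written in Python rather than the Perl suggested above. The function names, the log line layout and the sample data are assumptions constructed for illustration; the resolver functions are injectable so the check can be exercised offline.

```python
import re
import socket

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def system_ptr(ip):
    """PTR lookup via the system resolver; None when no name is published."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """All addresses the name resolves to; empty set on failure."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def confirmed_name(ip, ptr=system_ptr, forward=system_forward):
    """Return the PTR name only if it resolves back to ip, else None."""
    name = ptr(ip)
    if name and ip in forward(name):
        return name
    return None

def annotate(lines, ptr=system_ptr, forward=system_forward):
    """Append a confirmed name to each address; the address is never replaced."""
    cache = {}  # one lookup per distinct address, including failed ones

    def label(match):
        ip = match.group(0)
        if ip not in cache:
            cache[ip] = confirmed_name(ip, ptr, forward)
        return f"{ip}[{cache[ip]}]" if cache[ip] else ip

    return [IPV4.sub(label, line) for line in lines]

# Constructed sample data (documentation address ranges), not real ipmon output.
SAMPLE_LOG = [
    "block in 192.0.2.10,4021 -> 198.51.100.1,22",
    "block in 203.0.113.7,1055 -> 198.51.100.1,25",
]
SAMPLE_PTR = {"192.0.2.10": "host.example.net", "203.0.113.7": "www.example.org"}
SAMPLE_A = {"host.example.net": {"192.0.2.10"}, "www.example.org": {"192.0.2.99"}}

if __name__ == "__main__":
    for line in annotate(SAMPLE_LOG, SAMPLE_PTR.get, lambda n: SAMPLE_A.get(n, set())):
        print(line)
```

In the sample, 203.0.113.7 publishes a PTR whose forward record points elsewhere, so its line is left with the bare address.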