NetBSD Problem Report #15085

Received: (qmail 4596 invoked from network); 29 Dec 2001 12:41:30 -0000
Message-Id: <200112291242.fBTCgU302349@NetBSD.Jeb-intra.net>
Date: Sat, 29 Dec 2001 13:42:30 +0100 (CET)
From: Jeb@jeb.com.fr
Reply-To: Jeb@jeb.com.fr
To: gnats-bugs@gnats.netbsd.org
Subject: IPMON does't look for A after a PTR lookup
X-Send-Pr-Version: 3.95

>Number:         15085
>Category:       bin
>Synopsis:       IPMON does't look for A after a PTR lookup
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          suspended
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sat Dec 29 12:42:01 +0000 2001
>Closed-Date:    
>Last-Modified:  Sat Dec 29 20:33:31 +0000 2001
>Originator:     Jean-Edouard BABIN
>Release:        NetBSD 1.5.1
>Organization:
>Environment:

System: NetBSD NetBSD 1.5.2 NetBSD 1.5.2 (NETBSD-1.5.2-JEB) #1: Sat Sep 15 00:40:33 GMT-2 2001 jeb@NetBSD:/usr/src/sys/arch/i386/compile/NETBSD-1.5.2-JEB i386


>Description:
When ipmon is used with -n to resolve ip into dns, he doesn't look if this 
reverse realy exist, so sometime i get fake reverse in my ipmon log, so i 
can't get the true ip
i think that ipmon muss not do:
IP -> Reverse (PTR) -> Ok > log
but:
IP -> Reverse -> try to resolve Reverse into IP(2) -> IP = IP(2) -> Ok > log

>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:

From: gabriel rosenkoetter <gr@eclipsed.net>
To: Jeb@jeb.com.fr
Cc: gnats-bugs@gnats.netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: bin/15085: IPMON does't look for A after a PTR lookup
Date: Sat, 29 Dec 2001 11:56:09 -0500

 --U3BNvdZEnlJXqmh+
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable

 On Sat, Dec 29, 2001 at 01:42:30PM +0100, Jeb@jeb.com.fr wrote:
 > >Description:
 > When ipmon is used with -n to resolve ip into dns, he doesn't look if thi=
 s=20
 > reverse realy exist, so sometime i get fake reverse in my ipmon log, so i=
 =20
 > can't get the true ip
 > i think that ipmon muss not do:
 > IP -> Reverse (PTR) -> Ok > log
 > but:
 > IP -> Reverse -> try to resolve Reverse into IP(2) -> IP =3D IP(2) -> Ok =
 > log

 Hrm. You're getting exactly what you asked for, of course, which is
 a resolved host name. The easy solution if you always want to know
 what the address was is to simply not use the -n flag. (Imho, impon
 doing a whois lookup and parsing the output into the logs would be
 far more useful than a DNS lookup.)

 The resolution routine that you're suggesting is *significantly*
 slower (write yourself a test program, try it with some IPs leased
 to .kr). Slowing down ipmon's logging is not really something you'd
 like to do. Perhaps as a separate option, but I don't think I'm the
 only person who'd rather not see this added to the -n flag.

 Also, is this maybe something that would be better taken up in the
 IPF development forum?

 --=20
 gabriel rosenkoetter
 gr@eclipsed.net

 --U3BNvdZEnlJXqmh+
 Content-Type: application/pgp-signature
 Content-Disposition: inline

 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.0.6 (NetBSD)
 Comment: For info see http://www.gnupg.org

 iEYEARECAAYFAjwt9akACgkQ9ehacAz5CRpXagCgjvfd1Am8V6krqaokWKexi6Kb
 QVsAn00Q8fQSqzsl05H4KyzTdvcvk8wc
 =Yjmh
 -----END PGP SIGNATURE-----

 --U3BNvdZEnlJXqmh+--
State-Changed-From-To: open->suspended 
State-Changed-By: tv 
State-Changed-When: Sat Dec 29 12:31:57 PST 2001 
State-Changed-Why:  
This is a change-request, not a sw-bug. 
Suspended for the moment, as paranoid DNS lookups are particularly slow and 
prone to causing the logs to stuff up quite a bit.  What you're probably looking 
for, instead, is a Perl script that does these lookups on a *complete* log, 
where the log tracked only IP addresses.  (Note that IP addresses tend to be 
the most useful data in such a log, not hostnames....) 
>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.