From f8d9d05cfb1ea783457a14d3cf7fdf4d8fa450f2 Mon Sep 17 00:00:00 2001
From: Lorry Tar Creator
Date: Tue, 8 Apr 1997 00:29:19 +0000
Subject: Imported from /home/lorry/working-area/delta_tcp-wrappers/tcp_wrappers_7.6.tar.gz.
---
README.NIS | 207 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 207 insertions(+)
create mode 100644 README.NIS
(limited to 'README.NIS')
diff --git a/README.NIS b/README.NIS
new file mode 100644
index 0000000..34d39e2
--- /dev/null
+++ b/README.NIS
@@ -0,0 +1,207 @@
+@(#) README.NIS 1.2 96/02/11 17:24:52
+
+> Problem: I have several [machines] with multiple IP addresses, and
+> when they try to connect to a daemon with tcp wrapper, they are often
+> rejected. I assume this is due to the -DPARANOID option, and depends
+> on which IP address is returned first from the nameserver for a given
+> name. This behavior seems to be random, may depend on ordering in
+> the YP host map?
+
+[Note: the situation described below no longer exists. Presently, my
+internet gateway uses the same IP address on all interfaces. To avoid
+confusion I have removed the old name wzv-gw.win.tue.nl from the DNS. I
+have kept the discussion below for educational reasons].
+
+NIS was not designed to handle multi-homed hosts. With NIS, each
+address should have its own hostname. For example, wzv-gw is my
+gateway. It has two interfaces: one connected to the local ethernet,
+the other to a serial link. In the NIS it is registered as:
+
+ 131.155.210.23 wzv-gw-ether
+ 131.155.12.78 wzv-gw-slip
+
+In principle, wzv-gw could be the official name of one of these
+interfaces, or it could be an alias for both.
+
+The DNS was designed to handle multi-homed hosts. In the DNS my gateway
+is registered in zone win.tue.nl, with one name that has two A records:
+
+ wzv-gw IN A 131.155.210.23
+ IN A 131.155.12.78
+
+And of course there are PTR records in zones 210.155.131.in-addr.arpa
+and 12.155.131.in-addr.arpa that point to wzv-gw.win.tue.nl.
+
+This setup does not cause any problems. You can test your name service
+with the two programs below. This is what they say on a local NIS client
+(both client and server running SunOS 4.1.3_U1):
+
+ % gethostbyname wzv-gw
+ Hostname: wzv-gw.win.tue.nl
+ Aliases:
+ Addresses: 131.155.210.23 131.155.12.78
+
+ % gethostbyaddr 131.155.210.23
+ Hostname: wzv-gw-ether
+ Aliases:
+ Addresses: 131.155.210.23
+
+ % gethostbyaddr 131.155.12.78
+ Hostname: wzv-gw-slip
+ Aliases:
+ Addresses: 131.155.12.78
+
+Things seem less confusing when seen by a NIS client in a different
+domain (both client and server running SunOS 4.1.3_U1):
+
+ % gethostbyname wzv-gw.win.tue.nl
+ Hostname: wzv-gw.win.tue.nl
+ Aliases:
+ Addresses: 131.155.210.23 131.155.12.78
+
+ % gethostbyaddr 131.155.210.23
+ Hostname: wzv-gw.win.tue.nl
+ Aliases:
+ Addresses: 131.155.12.78 131.155.210.23
+
+ % gethostbyaddr 131.155.12.78
+ Hostname: wzv-gw.win.tue.nl
+ Aliases:
+ Addresses: 131.155.210.23 131.155.12.78
+
+Alas, Solaris 2.4 still has problems. This is what I get on a Solaris
+2.4 NIS client, with a SunOS 4.1.3_U1 NIS server:
+
+ % gethostbyname wzv-gw.win.tue.nl
+ Hostname: wzv-gw.win.tue.nl
+ Aliases: 131.155.210.23 wzv-gw.win.tue.nl
+ Addresses: 131.155.12.78
+
+The tcpd source comes with a workaround for this problem. The
+workaround is ugly and is not part of the programs attached below.
+
+
+#! /bin/sh
+# This is a shell archive. Remove anything before this line, then unpack
+# it by saving it into a file and typing "sh file". To overwrite existing
+# files, type "sh file -c". You can also feed this as standard input via
+# unshar, or by typing "sh gethostbyaddr.c <<'END_OF_gethostbyaddr.c'
+X /*
+X * gethostbyaddr tester. compile with:
+X *
+X * cc -o gethostbyaddr gethostbyaddr.c (SunOS 4.x)
+X *
+X * cc -o gethostbyaddr gethostbyaddr.c -lnsl (SunOS 5.x)
+X *
+X * run as: gethostbyaddr address
+X *
+X * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
+X */
+X
+X#include
+X#include
+X#include
+X#include
+X#include
+X#include
+X
+Xmain(argc, argv)
+Xint argc;
+Xchar **argv;
+X{
+X struct hostent *hp;
+X long addr;
+X
+X if (argc != 2) {
+X fprintf(stderr, "usage: %s i.p.addres\n", argv[0]);
+X exit(1);
+X }
+X addr = inet_addr(argv[1]);
+X if (hp = gethostbyaddr((char *) &addr, sizeof(addr), AF_INET)) {
+X printf("Hostname:\t%s\n", hp->h_name);
+X printf("Aliases:\t");
+X while (hp->h_aliases[0])
+X printf("%s ", *hp->h_aliases++);
+X printf("\n");
+X printf("Addresses:\t");
+X while (hp->h_addr_list[0])
+X printf("%s ", inet_ntoa(*(struct in_addr *) * hp->h_addr_list++));
+X printf("\n");
+X exit(0);
+X }
+X fprintf(stderr, "host %s not found\n", argv[1]);
+X exit(1);
+X}
+END_OF_gethostbyaddr.c
+if test 1073 -ne `wc -c gethostbyname.c <<'END_OF_gethostbyname.c'
+X /*
+X * gethostbyname tester. compile with:
+X *
+X * cc -o gethostbyname gethostbyname.c (SunOS 4.x)
+X *
+X * cc -o gethostbyname gethostbyname.c -lnsl (SunOS 5.x)
+X *
+X * run as: gethostbyname hostname
+X *
+X * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
+X */
+X#include
+X#include
+X#include
+X#include
+X#include
+X#include
+X
+Xmain(argc, argv)
+Xint argc;
+Xchar **argv;
+X{
+X struct hostent *hp;
+X
+X if (argc != 2) {
+X fprintf(stderr, "usage: %s hostname\n", argv[0]);
+X exit(1);
+X }
+X if (hp = gethostbyname(argv[1])) {
+X printf("Hostname:\t%s\n", hp->h_name);
+X printf("Aliases:\t");
+X while (hp->h_aliases[0])
+X printf("%s ", *hp->h_aliases++);
+X printf("\n");
+X printf("Addresses:\t");
+X while (hp->h_addr_list[0])
+X printf("%s ", inet_ntoa(*(struct in_addr *) * hp->h_addr_list++));
+X printf("\n");
+X exit(0);
+X } else {
+X fprintf(stderr, "host %s not found\n", argv[1]);
+X exit(1);
+X }
+X}
+END_OF_gethostbyname.c
+if test 999 -ne `wc -c