
Re: 20051005: host aliasing and LDM best practices



Michael,

> To: address@hidden
> From: Michael McEniry <address@hidden>
> Subject: host aliasing and LDM best practices
> Organization: UAH / ITSC
> Keywords: 200510052145.j95LjfG7022312 LDM DNS

The above message contained the following:

> If we want to "publish" a host alias for our LDM node (both 
> upstream and downstream) instead of the host's canonical name, 
> what are best practices covering this?
> 
> Specifically, we have a computer, thor.itsc.uah.edu, that will be 
> our primary LDM node. We want to tell our feed partners to use 
> "ldm1.itsc.uah.edu" in their allow and request lines. Eventually, 
> we'd like to also have "ldm2" for redundancy and load balancing. 
> What are the advantages or disadvantages of using a CNAME record 
> (ldm1 -> thor) vs a second A record (ldm1 -> thor's IP address).

I'm afraid that question is outside my area of expertise, so I've
forwarded your question to our systems and network administrator.

> The request part seems straightforward. How does LDM handle 
> permission checking for allow entries?

The LDM gets the IP address of the remote host from the TCP connection.
It then uses the gethostbyaddr() system call to obtain the corresponding
hostname.  It then searches the ALLOW entries in its configuration-file
for the first entry whose host-pattern matches EITHER the IP address or
the hostname.  Thus, it's your choice what kind of host-patterns to use.

> My experience with various protocols, especially Sun-RPC-based 
> ones like NFS and Legato Networker, has been fairly mixed. Most 
> use the result of reverse mapping the IP address (i.e., PTR 
> records). Some will even map that name back to an IP address as a 
> safety check.

The LDM does the former but not the latter.

> Thanks.
> 
> By the way, I tried the UCAR ultraseek search 
> <http://www.unidata.ucar.edu/support/help/ultraseek.html>, but it 
> seems to be broken.

It worked for me.  In what sense was it broken?

> Michael McEniry
> University of Alabama in Huntsville
> Information Technology & Systems Center
> <address@hidden> +1.256.824.5158

Regards,
Steve Emmerson

> NOTE: All email exchanges with Unidata User Support are recorded in the
> Unidata inquiry tracking system and then made publicly available
> through the web.  If you do not want to have your interactions made
> available in this way, you must let us know in each email you send to us.
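
Added example (not part of the original exchange and not LDM source code): a Python sketch of the ALLOW lookup as described in the reply above, reverse lookup only, next to the forward-confirmed variant mentioned in the question. The DNS tables, addresses, function names and the full-match regular-expression treatment of host-patterns are assumptions made for illustration.

```python
import re

# Constructed DNS data (documentation address ranges), not real records.
PTR = {"192.0.2.10": "thor.itsc.uah.edu",     # PTR names the canonical host
       "198.51.100.7": "ldm1.itsc.uah.edu"}   # PTR for another address claims the alias
A = {"thor.itsc.uah.edu": {"192.0.2.10"},
     "ldm1.itsc.uah.edu": {"192.0.2.10"}}     # alias published as a second A record

def reverse_lookup(ip):
    """Stand-in for gethostbyaddr(): the PTR name, or None."""
    return PTR.get(ip)

def forward_lookup(name):
    """Stand-in for a forward (A record) lookup: set of addresses."""
    return A.get(name, set())

def first_match(patterns, ip, hostname):
    """First pattern that matches EITHER the IP address or the hostname."""
    for pat in patterns:
        if re.fullmatch(pat, ip) or (hostname and re.fullmatch(pat, hostname)):
            return pat
    return None

def ptr_only_allow(patterns, ip):
    """Reverse lookup only: the PTR name is used as returned."""
    return first_match(patterns, ip, reverse_lookup(ip))

def fcrdns_allow(patterns, ip):
    """Forward-confirmed: use the PTR name only if it maps back to the same IP."""
    name = reverse_lookup(ip)
    if name is not None and ip not in forward_lookup(name):
        name = None  # unconfirmed name: match on the IP address alone
    return first_match(patterns, ip, name)
```

With an alias-only pattern, the reverse-only check does not match 192.0.2.10 because its PTR record names thor, so the name a feed partner puts in an ALLOW entry has to be the one the PTR record returns (or the entry has to match the IP address).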