[Hipsec-rg] reverse DNS lookups of HITs

oleg.ponomarev at hiit.fi (Oleg Ponomarev) Tue, 13 January 2009 15:19 UTC

From: "oleg.ponomarev at hiit.fi"
Date: Tue, 13 Jan 2009 17:19:45 +0200
Subject: [Hipsec-rg] reverse DNS lookups of HITs
In-Reply-To: <496CAC75.8070304@hiit.fi>
References: <E1LMUy5-00069S-00@alva.home> <alpine.LFD.2.00.0901130935560.17180@stargazer.pc.infrahip.net> <BC5BEFD4-1EFC-43DB-BD37-55E12F00408E@indranet.co.nz> <alpine.LFD.2.00.0901131152290.17180@stargazer.pc.infrahip.net> <B09D992B-C373-4325-AE4C-E0C3C2E96877@indranet.co.nz> <496CAC75.8070304@hiit.fi>
Message-ID: <alpine.LFD.2.00.0901131709320.17180@stargazer.pc.infrahip.net>

Miika,

no, we do not care about the IP addresses in this case. The hosts send 
their FQDNs (available to the HIP daemon) in I2/R2 packets and those FQDNs 
are returned by the resolver for the HITs.

It sounds good in theory, but is painful to implement, IMHO.

> (assuming I understood you correctly), there may be no HIP associations 
> available that contain HIT-to-IP mapping information. So we can't always rely 
> on that and I am not sure if it is a good idea to store the mappings 
> permanently on disk available to the HIP daemon.

-- 
Regards, Oleg.