[Mimedefang] Adding support for learning our addresses

Sean Ware sware at midwaygames.com
Tue Jan 31 16:02:20 EST 2006


Matthew.van.Eerde at hbinc.com (Matthew.van.Eerde at hbinc.com) @ 2006.01.31 11:21:47 -0800:
> Hence services like www.whatismyip.com
> 
> What I think would be really nice is a new kind of DNS
> record... something like WHOAMI... that provides this kind of a
> service.  So for example 
> 
> dig -t WHOAMI your-friendly-neighborhood-dns-server.example.com
> 
> would return (in the ANSWER section) the IP address that
> your-friendly-neighborhood-dns-server sees the request coming from. 

I think this would probably just yield the public IP address of your
DNS resolver, unless you queried the service's own DNS server
directly. 

Because if I just did this:

 dig -t WHOAMI your-friendly-neighborhood-dns-server.example.com

one of the following conditions would need to be true:

 1) My normal DNS server(s) as listed in /etc/resolv.conf would need
    to understand the WHOAMI query type and adjust for it when it sent
    the query up the DNS recursion string.

 2) You'd need to replace your DNS server in /etc/resolv.conf with the
    WHOAMI service provider's DNS servers, and do all of your DNS
    query types against it.

Otherwise you're probably going to get a response like this:

; <<>> DiG 9.2.1 <<>> whoami your-friendly-neighborhood-dns-server.example.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28667
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 6, ADDITIONAL: 0

;; QUESTION SECTION:
;your-friendly-neighborhood-dns-server.example.com. 

;; ANSWER SECTION:
WHOAMI             300     IN      A       216.239.32.10

;; Query time: 49 msec
;; SERVER: 216.239.32.10#53(216.239.32.10)
;; WHEN: Tue Jan 31 14:53:30 2006
;; MSG SIZE  rcvd: 196



Something like:

 dig -t WHOAMI what.is.my.ip.address @whoami.dns.example.com

Might be useful. Still need to modify dig (or some other DNS-related
tool) to do WHOAMI queries, although I suppose an A-record query would
work just as well in this instance.

Maybe I'm overthinking the idea. Is there a particular reason why
you'd prefer this to be a DNS-based service rather than HTTP?

....Sean

-- 
Sean Ware                          Midway Amusement Games, LLC
Senior Network Engineer                  2727 W. Roscoe Street
Information Technology Department       Chicago, IL 60618-5909
sware at midwaygames.com                           (773) 961-2000
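
The behaviour discussed in this message, as an added example that is not part of the original post or of MIMEDefang: a responder that answers an ordinary A query with the address the query arrived from, which shows why a query relayed by a recursive resolver reports the resolver's address rather than the client's. The function names, the ttl=0 default and the RFC 5737 documentation addresses used in the test are assumptions constructed for illustration.

```python
import socket
import struct

TYPE_A, CLASS_IN = 1, 1

def build_query(name, qid=0x1234):
    """Encode a one-question A query (constructed sample input)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD flag set
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", TYPE_A, CLASS_IN)

def question_end(packet):
    """Offset just past the first question (name, QTYPE, QCLASS)."""
    pos = 12
    while pos < len(packet) and packet[pos] != 0:
        if packet[pos] & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        pos += 1 + packet[pos]
    if pos + 5 > len(packet):
        raise ValueError("truncated question")
    return pos + 5  # root label + QTYPE + QCLASS

def whoami_response(query, peer_ip, ttl=0):
    """Answer with an A record holding the address the query arrived from."""
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    end = question_end(query)
    # QR + AA set, RD copied from the query; one question, one answer.
    header = struct.pack("!HHHHHH", qid, 0x8400 | (flags & 0x0100), 1, 1, 0, 0)
    # 0xC00C points back at the question name; ttl=0 (assumed) asks
    # resolvers not to cache the answer.
    rr = struct.pack("!HHHIH", 0xC00C, TYPE_A, CLASS_IN, ttl, 4)
    return header + query[12:end] + rr + socket.inet_aton(peer_ip)

def answer_address(response):
    """Read the IPv4 address out of the single answer record."""
    start = question_end(response) + 2  # skip the 2-byte name pointer
    rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", response[start:start + 10])
    if rtype != TYPE_A or rdlen != 4:
        raise ValueError("not a single A answer")
    return socket.inet_ntoa(response[start + 10:start + 14])

def address_seen(client_ip, resolver_ip=None):
    """Direct query: server sees the client. Via recursion: the resolver."""
    peer = resolver_ip or client_ip
    return answer_address(whoami_response(build_query("what.is.my.ip.address"), peer))
```

A real deployment would take `peer_ip` from the source address of the received UDP datagram; a host behind NAT that queries the server directly gets back its public address.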



