• Iain R. Learmonth's avatar
    Provides more accurate DNS results · 48e5ff84
    Iain R. Learmonth authored
    This commit adds two new fields: {un,}verified_host_names.
    Whereas previously InetAddress was used to resolve reverse domain
    names, this instead changes the lookup mechanism to use JNDI allowing
    for a deeper view into the DNS. It also accounts for the fact that
    multiple PTR records are not forbidden in the DNS specification and are
    often used in shared hosting scenarios.
    A host name is considered verified if it has a matching forward record.
    If a PTR value is found to have multiple A records, it will be
    considered verified if any one of the A records matches the original
    address. If no matching record is found, it will be reported as an
    unverified host name.
    Previously, unverified host names were discarded internally by the
    InetAddress lookup mechanism and so this data could not be used.
    To maintain "bug compatibility" with the previous implementation of the
    "host_name" field, which will now be deprecated, the IP address is
    returned when a lookup fails.
    The host_name field continues to be used, but now will consider all
    verified and unverified host names. If finer grained filtering is
    needed, then a seperate ticket could be filed for that, but it is
    unclear that it is useful enough to justify the work.
    Fixes: #18342
To find the state of this project's repository at the time of any of these versions, check out the tags.