client with private address

2004-03-09 Thread Jonathan Dill
I want to back up a client on a private network 10.160.32, but amanda 
seems to be looking for a DNS to resolve the IP, and then do a reverse 
lookup on the IP to get the hostname.  Is there a way to do this without 
setting up a DNS for 10.160.32?  I wish amanda would just believe the 
address that I put in disklist instead of double-checking with a DNS.  
Does she not trust me?  Am I not trustworthy?

I guess I'll pick at the docs for gethostbyaddr and gethostbyname calls 
to see if there is any way to modify their behavior, or if there is a 
different routine that I could plug in that would check /etc/hosts 
first, or something like that.

--jonathan


Re: client with private address

2004-03-09 Thread Jonathan Dill
Never mind--I just added the address of the server to /etc/hosts on the 
client and that fixed the problem.

Some very useful information in man gethostbyname and man 
gethostbyaddr.  /etc/host.conf may be consulted for the res order for 
those two calls.  The default is to check bind first, but you can 
override that by putting

order hosts, bind

in /etc/host.conf.  At least that's how it works on some flavors of Linux.

Jonathan Dill wrote:

> I want to back up a client on a private network 10.160.32, but amanda 
> seems to be looking for a DNS to resolve the IP, and then do a reverse 
> lookup on the IP to get the hostname.  Is there a way to do this 
> without setting up a DNS for 10.160.32?  I wish amanda would just 
> believe the address that I put in disklist instead of double-checking 
> with a DNS.  Does she not trust me?  Am I not trustworthy?
>
> I guess I'll pick at the docs for gethostbyaddr and gethostbyname 
> calls to see if there is any way to modify their behavior, or if there 
> is a different routine that I could plug in that would check 
> /etc/hosts first, or something like that.
>
> --jonathan




Re: client with private address

2004-03-09 Thread Hans-Christian Armingeon
On Tuesday, 9 March 2004 20:11 you wrote:
> I want to back up a client on a private network 10.160.32, but amanda 

I think that an IPv4 address has four address parts; you have only three.

> seems to be looking for a DNS to resolve the IP, and then do a reverse 
> lookup on the IP to get the hostname.  Is there a way to do this without 
> setting up a DNS for 10.160.32?  I wish amanda would just believe the 
> address that I put in disklist instead of double-checking with a DNS.  
> Does she not trust me?  Am I not trustworthy?
>
> I guess I'll pick at the docs for gethostbyaddr and gethostbyname calls 
> to see if there is any way to modify their behavior, or if there is a 
> different routine that I could plug in that would check /etc/hosts 
> first, or something like that.
>
> --jonathan

Johnny



Re: client with private address

2004-03-09 Thread Jonathan Dill
A common shorthand for specifying a Class C subnet is to leave off the
4th number, basically the same thing as 10.160.32.0, 10.160.32.0/24, or
10.160.32.0/255.255.255.0 etc.

On Tue, 2004-03-09 at 15:26, Hans-Christian Armingeon wrote:
> On Tuesday, 9 March 2004 20:11 you wrote:
> > I want to back up a client on a private network 10.160.32, but amanda 
> I think that an IPv4 address has four address parts; you have only three.

-- 
Jonathan Dill [EMAIL PROTECTED]
jfdill.com



Re: client with private address

2004-03-09 Thread Frank Smith
--On Tuesday, March 09, 2004 14:11:29 -0500 Jonathan Dill [EMAIL PROTECTED] wrote:

> I want to back up a client on a private network 10.160.32, but amanda seems to be 
> looking for a DNS to resolve the IP, and then do a reverse lookup on the IP to get 
> the hostname.  Is there a way to do this without setting up a DNS for 10.160.32?  I
> wish amanda would just believe the address that I put in disklist instead of 
> double-checking with a DNS.  Does she not trust me?  Am I not trustworthy?

I suspect that Amanda was designed to use hostnames in their disklists and
.amandahosts, and names are very easy to spoof, so the lookups are done
to verify that the correct host is connecting.  I'm sure the code could be
modified to not do lookups if given an IP, but having proper DNS has many
other benefits than just helping Amanda.
   I had the same problem when I started backing up multiple sites
using a mixture of public, private, and NATed addresses.  Setting up
multiple DNS servers that could properly forward and reverse everything
(returning different addresses depending on where you were) was a bit
of a pain, but made life much easier afterwards.

Frank

> I guess I'll pick at the docs for gethostbyaddr and gethostbyname calls to see if 
> there is any way to modify their behavior, or if there is a different routine that I 
> could plug in that would check /etc/hosts first, or something like that.
>
> --jonathan



-- 
Frank Smith  [EMAIL PROTECTED]
Sr. Systems Administrator   Voice: 512-374-4673
Hoover's Online   Fax: 512-374-4501
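
The double lookup Frank Smith describes, combined with the /etc/hosts-before-DNS ordering from earlier in the thread, as an added example (not part of the original messages and not Amanda's code). The hosts entries, host names, the 192.0.2.66 address, the DNS table and the allowed-host list are all constructed, and lookups run against in-memory tables rather than the system resolver.

```python
# Added illustration, not Amanda's code. Hosts text, DNS table and the
# allowed list are constructed sample data.
HOSTS_TEXT = """\
127.0.0.1    localhost
10.160.32.1  amserver.example amserver
10.160.32.2  amclient.example amclient   # cross-over link
"""
# Constructed "DNS": no zone for 10.160.32, plus one PTR record that an
# outside party controls and that claims a trusted name.
DNS = ({"192.0.2.66": "amserver.example"}, {})

def parse_hosts(text):
    """Return (ip -> canonical name, name -> set of ips) from hosts-file text."""
    by_ip, by_name = {}, {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        by_ip.setdefault(fields[0], fields[1].lower())
        for name in fields[1:]:
            by_name.setdefault(name.lower(), set()).add(fields[0])
    return by_ip, by_name

def make_resolver(sources):
    """Query sources in order; the first one with an answer wins."""
    def reverse(ip):
        return next((s[0][ip] for s in sources if ip in s[0]), None)
    def forward(name):
        return next((s[1][name] for s in sources if name in s[1]), set())
    return reverse, forward

def verify_peer(ip, allowed, resolver):
    """Reverse-resolve ip, forward-resolve the name, require a round trip."""
    reverse, forward = resolver
    name = reverse(ip)
    if name is None:
        return False, "no reverse mapping"
    if ip not in forward(name):
        return False, "forward lookup of %s does not return %s" % (name, ip)
    if name not in allowed:
        return False, "%s is not an allowed host" % name
    return True, name

HOSTS = parse_hosts(HOSTS_TEXT)
ALLOWED = {"amserver.example", "amclient.example"}
HOSTS_THEN_DNS = make_resolver([HOSTS, DNS])   # like "order hosts, bind"
DNS_ONLY = make_resolver([DNS])

if __name__ == "__main__":
    for label, res in (("hosts, bind", HOSTS_THEN_DNS), ("bind only", DNS_ONLY)):
        for ip in ("10.160.32.2", "192.0.2.66"):
            print(label, ip, verify_peer(ip, ALLOWED, res))
```

With no reverse zone for 10.160.32 the DNS-only resolver rejects the real client, which is the failure from the first message; the address whose PTR record merely claims a trusted name is rejected under both orderings because the forward lookup does not lead back to it.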



Re: client with private address

2004-03-09 Thread Jonathan Dill
Hi Frank,

The documentation for gethostbyaddr and gethostbyname explained how each 
call goes about looking up addresses.  At least under Linux, there were 
several opportunities to override the default behavior and make the 
routines consult /etc/hosts first.

In my particular case, there are only two private addresses that I 
need to handle due to the amanda server and client having a direct 
cross-over connection, for an unrelated purpose.  For two IP addresses, 
it really didn't seem worth it to set up a local DNS with forward and 
reverse domains.

As for address spoofing, there are basically 2 scenarios that I can 
think of:

1. idiot hacker causes some backup(s) to fail on one night, maybe a DoS, 
but that's about the extent of it

2. hacker who knows about amanda, and has the right ports open to 
intercept and capture the stream, possibly to steal sensitive data

#2 would probably be loads easier to do with just a run of the mill 
sniffer that can capture streams, and the activity would be much less 
likely to be detected.  I can't see the benefit of impersonating the 
amanda server, besides which it would cause loads of errors and send up 
red flags that something was going on.  Not to mention that if your data 
is all that sensitive, you should really be encrypting the data on the 
client and not sending it in the clear across the network, and the 
systems should be behind a tight firewall if not disconnected from the 
internet altogether.

I really can't imagine DNS spoofing being that big of a risk with 
respect to amanda.  Having the addresses hard coded in /etc/hosts and 
looking at that and not the DNS should be more secure than relying on 
DNS lookups crossing the network, which could be spoofed.

Frank Smith wrote:

> I suspect that Amanda was designed to use hostnames in their disklists and
> .amandahosts, and names are very easy to spoof, so the lookups are done
> to verify that the correct host is connecting.  I'm sure the code could be
> modified to not do lookups if given an IP, but having proper DNS has many
> other benefits than just helping Amanda.