name resolution issue

  • Question

  • Hello everyone,



    Suppose I have a local machine named (host) mytestmachine, and in my intranet I am using a transparent proxy server, which will do DNS resolution.

    1. My question is, when I send an HTTP request to the local machine, even in the same domain, using the following URL,
    http://mytestmachine:8080/test, is the traffic still sent to the proxy server, and will the proxy do a round of DNS resolution -- and may it search WWW DNS servers to resolve mytestmachine to an IP address? Is it not smart enough to know the machine is a local domain machine?

    2. My second question is, will using an IP address instead of the machine name resolve this issue by bypassing DNS resolution, and even bypass the proxy if in the same domain, e.g. http://10.10.2.75:8080/test? Any other solutions?



    regards,
    George

    Tuesday, August 19, 2008 7:04 AM

All replies

  • OK, let's try to sort this out. Anything that's a proxy acts on behalf of something else. So your topology would look like this:

    Client--->Proxy--->Server

    This may or may not apply to clients within the same subnet but depends on the configuration of the proxy. DNS resolution is ALWAYS initiated by the client, so your question of "will the proxy do a round of DNS" is dependent on 1) the client requesting a resolve and 2) who is configured to do that. DNS resolves are usually put out in a broadcast manner, with either the DNS server or the proxy responding. In the case of a proxy it could be acting on behalf of the ARP or physical representation of the device, or it could be acting at a higher (TCP) layer on behalf of the DNS server in a pseudo routing function. Bottom line is that either the proxy will respond (from the client perspective) or the DNS server will. It just depends on how your network is set up. The rules of DNS are this: try the host name, then if bad append the domain name, send out the requests to anyone that wants to respond, but when the response is returned determine whether or not the answer is definitive for the domain. If it is, then you have the answer; if it's not, then the resolve may either be forwarded or the request can go out again to the next in your line of DNS servers that are configured on the client.


    Your second solution is never good. Many that don't understand TCP/IP well seem to feel it's OK to just use IP addresses. While it does work and it does provide a solution immediately, it is ALWAYS a potential point of failure. Good practice in a TCP network says "Always use DNS". This allows all client administration to be centralized. When you decide not to use DNS you are bypassing things like dynamic DNS and dynamic name resolution, and the biggest issue is that every application that has hardcoded IP addresses will one day have to change; that day is the day that server is moved to a new network or a new NIC card is put in, etc. The problem is this usually happens late at night when you're doing a server move or upgrade; the next morning everyone comes in and 5 applications won't run because of the hardcoded values. Now if you're lucky you can get it all corrected in 20 minutes... But how long is 20 minutes in the computer world? More like 5 days depending on availability of the people needed and/or the severity of the issue. You don't want a Severity 1 issue just because of IP addresses that weren't maintained in the beautiful protocol called DNS.

    Javaman
    Tuesday, August 19, 2008 4:56 PM
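The reply's point that the client, not the proxy, decides where a request goes is what a client-side bypass list (the NO_PROXY convention) implements; with an explicitly configured proxy, a request for a single-label intranet name or an intranet address can be sent direct and never reach the proxy's resolver, whereas a truly transparent proxy intercepts traffic regardless of any client setting. The following is an added example written for this thread, not code from either poster or from any particular proxy or library; the bypass list and the `<local>` rule for dotless names are illustrative assumptions.

```python
import ipaddress
from urllib.parse import urlsplit


def should_bypass_proxy(url: str, no_proxy: str) -> bool:
    """Client-side decision: True means send direct, False means via proxy.

    Entries in no_proxy (comma separated) may be a hostname, a domain
    suffix (".corp.example"), an IP literal or a CIDR block, "*" for
    everything, or "<local>" meaning any single-label (dotless) name.
    Illustrative logic, not the implementation of any specific library.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return False
    try:
        addr = ipaddress.ip_address(host)  # address literal in the URL
    except ValueError:
        addr = None                        # a hostname, needs DNS somewhere
    for entry in (e.strip().lower() for e in no_proxy.split(",") if e.strip()):
        if entry == "*":
            return True
        if entry == "<local>":
            if addr is None and "." not in host:
                return True                # dotless name: treat as intranet host
            continue
        if addr is not None:
            try:
                if addr in ipaddress.ip_network(entry, strict=False):
                    return True            # literal inside an intranet block
            except ValueError:
                pass                       # entry is a name, not a network
            continue
        entry = entry.lstrip(".")
        if host == entry or host.endswith("." + entry):
            return True                    # exact host or domain-suffix match
    return False


# Constructed bypass list for the intranet described in the question.
NO_PROXY = "<local>,.corp.example,10.10.0.0/16"


def classify(urls):
    """Map each URL to the routing decision the client would make."""
    return {u: ("direct" if should_bypass_proxy(u, NO_PROXY) else "proxy") for u in urls}
```

Running `classify` on the two URLs from the question shows both going direct under this list, while a name such as www.example.com still goes to the proxy; a suffix entry only matches whole labels, so corp.example.evil.net does not bypass.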