On Wed, 10 Oct 2012, Arturo Borrero wrote:

> I've been doing some tests, and I'm unable to get all A or AAAA registers
> of a FQDN inside a set (i.e. hash:ip).
>
> Try it yourself:
>
> $ host dl.dropbox.com
> [6 ips]
> # ipset create hash:ip test
> # ipset add test dl.dropbox.com
> # ipset list test
> [just 1 ip]
>
> I took a look at the source of ipset (on git repo), but I was unable to
> determine where in the code the decision to drop (or ignore) additional DNS
> resolutions is being taken. (Yes, I'm a noob programmer)

Yes, that's right. If hostname is supplied as input, just the first
resolved IP address is used. Look into lib/parse.c:

/*
 * Parse IPv4/IPv6 addresses, networks and ranges.
 * We resolve hostnames but just the first IP address is used.
 */
static struct addrinfo *
call_getaddrinfo(struct ipset_session *session, const char *str,
		 uint8_t family)
{
...

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary
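
Since ipset keeps only the first resolved address, a rule matching on the set silently misses the other addresses of a multi-homed name; one way around it is to resolve the name outside ipset and load every address. The script below is an added example, not part of the original message or of ipset's code. It assumes glibc's `getent ahosts`; the helper names, the set names `test`/`test6` and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not ipset's code): load every resolved address of a hostname.
# Assumptions: glibc `getent ahosts`; helper and set names are hypothetical.
# Sets must exist first:
#   ipset create test  hash:ip
#   ipset create test6 hash:ip family inet6

# stdin: `getent ahosts` lines ("ADDR SOCKTYPE [NAME]").
# stdout: one "add <set> <addr>" line per unique address of family $2.
addrs_to_restore() {   # $1 = set name, $2 = inet | inet6
    awk -v setname="$1" -v fam="$2" '
        NF == 0 { next }
        { this = ($1 ~ /:/) ? "inet6" : "inet" }
        this == fam && !seen[$1]++ { print "add " setname " " $1 }
    '
}

# Resolve $1; put IPv4 addresses in set $2 and IPv6 addresses in set $3.
load_host() {
    resolved=$(getent ahosts "$1") || return 1
    {
        printf '%s\n' "$resolved" | addrs_to_restore "$2" inet
        printf '%s\n' "$resolved" | addrs_to_restore "$3" inet6
    } | ipset -exist restore    # -exist: ignore already-present entries
}

# Constructed sample of resolver output (documentation address ranges).
sample_ahosts() {
    cat <<'EOF'
192.0.2.10      STREAM host.example
192.0.2.10      DGRAM
192.0.2.11      STREAM
192.0.2.11      DGRAM
2001:db8::10    STREAM
2001:db8::10    DGRAM
EOF
}

# Dry run on the sample: prints the restore lines, needs no root and no DNS.
sample_ahosts | addrs_to_restore test inet
sample_ahosts | addrs_to_restore test6 inet6
```

Run as root, `load_host dl.dropbox.com test test6` fills both sets. The result is a snapshot of the DNS answer at that moment, so names whose records rotate need the load repeated on a schedule.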