<p>The situation regarding DNS is highly undesirable. For
Apache 1.2 we've attempted to make the server at least continue
booting in the event of failed DNS, but it might not be the
best we can do. In any event, requiring the use of explicit IP
addresses in configuration files is highly undesirable in
today's Internet where renumbering is a necessity.</p>
<p>A possible work around to the theft of service attack
described above would be to perform a reverse DNS lookup on the
IP address returned by the forward lookup and compare the two
names -- in the event of a mismatch, the virtualhost would be
disabled. This would require reverse DNS to be configured
properly (which is something that most admins are familiar with
because of the common use of "double-reverse" DNS lookups by
FTP servers and TCP wrappers).</p>
<p>In any event, it doesn't seem possible to reliably boot a
virtual-hosted web server when DNS has failed unless IP
addresses are used. Partial solutions such as disabling
portions of the configuration might be worse than not booting
at all depending on what the webserver is supposed to
accomplish.</p>
<p>As HTTP/1.1 is deployed and browsers and proxies start
issuing the <code>Host</code> header it will become possible to
avoid the use of IP-based virtual hosts entirely. In this case,
a webserver has no requirement to do DNS lookups during
configuration. But as of March 1997 these features have not
been deployed widely enough to be put into use on critical
webservers.</p>
</div></div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="./en/dns-caveats.html" title="English"> en </a> |
<a href="./ja/dns-caveats.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
<a href="./ko/dns-caveats.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p>
</div><div id="footer">
<p class="apache">Copyright 1999-2004 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>