--U3BNvdZEnlJXqmh+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Dec 29, 2001 at 01:42:30PM +0100, Jeb@jeb.com.fr wrote:
> >Description:
> When ipmon is used with -n to resolve ip into dns, he doesn't look if thi=
s=20
> reverse realy exist, so sometime i get fake reverse in my ipmon log, so i=
=20
> can't get the true ip
> i think that ipmon muss not do:
> IP -> Reverse (PTR) -> Ok > log
> but:
> IP -> Reverse -> try to resolve Reverse into IP(2) -> IP =3D IP(2) -> Ok =
> log

Hrm. You're getting exactly what you asked for, of course, which is
a resolved host name. The easy solution if you always want to know
what the address was is to simply not use the -n flag. (Imho, impon
doing a whois lookup and parsing the output into the logs would be
far more useful than a DNS lookup.)

The resolution routine that you're suggesting is *significantly*
slower (write yourself a test program, try it with some IPs leased
to .kr). Slowing down ipmon's logging is not really something you'd
like to do. Perhaps as a separate option, but I don't think I'm the
only person who'd rather not see this added to the -n flag.

Also, is this maybe something that would be better taken up in the
IPF development forum?

--=20
gabriel rosenkoetter
gr@eclipsed.net

--U3BNvdZEnlJXqmh+
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (NetBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjwt9akACgkQ9ehacAz5CRpXagCgjvfd1Am8V6krqaokWKexi6Kb
QVsAn00Q8fQSqzsl05H4KyzTdvcvk8wc
=Yjmh
-----END PGP SIGNATURE-----

--U3BNvdZEnlJXqmh+--