[Dxspider-support] Node verification

[Lists]

What you are talking about is implementing a whitelist of IPs that are permitted to connect to a node based on A records in DNS, right?

So when the end user registers with you they give you their hostname, this is stored locally with callsign linked to hostname.
Then when someone connects with the callsign the hostname is looked up and if the IP doesn't match the IP of the session don't allow access.

Did I understand correctly?

Chris - G1FEF



> On 10 Feb 2025, at 14:15, Mike McCarthy, W1NR via Dxspider-support <dxspider-support at tobit.co.uk> wrote:
> 
> I'm not talking about REVERSE DNS, only the DNS address that is used for the users that connect to the node. Even a dynamic ones have a DNS entry via noip.com that users use to connect. DNS is VERY difficult to spoof. And, I am only talking about the node connection at the host node.
> 
> Connection request comes in. Lookup says it's callsign is a node. It has an IP it is connecting from. Lookup in a table the DNS for that node call. Do a DNS query and match the IP address. If no match, drop. If a match, allow. Those with dynamic IP's might have a period where the DNS servers need to flush their caches, but TTL should be set to 5 minutes.
> 
> You would only need to maintain a table of DNS names for the nodes that are using you as a feed.
> 
> On 2/10/2025 7:58 AM, Lists via Dxspider-support wrote:
>> Unfortunately not every IP address has a reverse DNS (PTR) record plus a lot of end users are connected via networks with dynamic IPs that change on a regular basis.
>> Chris - G1FEF
> 
> 
> -- 
> 73 de Mike, W1NR
> 
> THAT was the equation. EXISTENCE!... SURVIVAL... must cancel out... programming!
> 
> - Ruk -
> 
> 
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support