[Dxspider-support] Node verification
Mikel EA2CW
ea2cw at gautxori.com
Mon Feb 10 14:42:43 GMT 2025
Ok Mike, thanks for explanation, but -correct me if I am wrong- talking
just about nodes, the DNS table system will only secure the ID of my
partners. If they are also connected to nodes which software doesn't
implement this facility, the fake spots will come in anyway, right?
OTOH, that system will imply changes on the spider software and the
updating of all the nodes (spider) of the net , so, in order to identify
our partner nodes IDs, why don't we use the password system that is
already made and running?
I agree that the DNS id system could be safer than passwords transmitted
by unencrypted telnet, but as it is already said here, who will hack the
ISPs to snif the telnet traffic between nodes?
IMHO, better if we follow the KISS principle...
Thanks again and 73 de Mikel EA2CW | AE2CW
El 10/2/25 a las 15:15, Mike McCarthy, W1NR via Dxspider-support escribió:
> I'm not talking about REVERSE DNS, only the DNS address that is used for
> the users that connect to the node. Even a dynamic ones have a DNS entry
> via noip.com that users use to connect. DNS is VERY difficult to spoof.
> And, I am only talking about the node connection at the host node.
>
> Connection request comes in. Lookup says it's callsign is a node. It has
> an IP it is connecting from. Lookup in a table the DNS for that node
> call. Do a DNS query and match the IP address. If no match, drop. If a
> match, allow. Those with dynamic IP's might have a period where the DNS
> servers need to flush their caches, but TTL should be set to 5 minutes.
>
> You would only need to maintain a table of DNS names for the nodes that
> are using you as a feed.
>
More information about the Dxspider-support
mailing list