cups: no access with dyndns

Michael Sweet mike at easysw.com
Fri Aug 6 03:35:46 PDT 2004 

jba wrote:
> Michael Sweet wrote:
> 
>> jba wrote:
>> 
>>> ...
>>> 
>>>> Probably what is happening is that the reverse lookup of the IP
>>>>  address is not returning lisa.dyndns.org.
>> 
>> .....
>> 
>> The "double" option does:
>> 
>> IP -> name name -> IP2
>> 
>> If the IP -> name lookup fails or if IP != IP2, then the host is
>> rejected.
>> 
>> The normal hostname lookup stuff just does the IP -> name lookup,
>> and uses the IP as the name if it can't be found.
>> 
> 
> 
> Tahnks, now I understand. But why is cups using this reverse lookup
> scheme? Security reasons? If cups would use the name I specified with

First, it is consistent with Apache, and we try to emulate the
HTTP functionality/configuration of Apache whenever possible to
avoid confusion.  The current implementation matches the behavior
of Apache.

Second, the double-lookup is a security feature.

Finally, we don't lookup the IP of allow/deny names for performance
reasons - if you have thousands of connections per second (definite
possibility on a busy server) you don't want to be doing extra
host lookups for every allow/deny name!

> 'Allow From', looks up its ip and then compares this with the IP of
> the client, everything would be ok. I think, this is the only way to
> allow administartion with a dynamic ip. Wouldnt it be a good idea, to
> implement an option to anable this?

No, for the reasons above.

> ...
> I am not sure if I understood you right. But I think I would have to
> replace each dynamic ip (or its name) in cupsd.conf. So I would first
> need to login via ssh, cahnage cupsd.conf, restart cups and would
> then be able to have web access. Is this what you meant?
 > ...

No, just that the resolver needs to be told that your dynamic IP
maps to your dyndns hostname.  The simplest way to do this is to
add your IP to the /etc/hosts file.

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products           mike at easysw dot com
Printing Software for UNIX                       http://www.easysw.com

More information about the cups mailing list