This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.
Michael, > To: address@hidden > From: Michael McEniry <address@hidden> > Subject: host aliasing and LDM best practices > Organization: UAH / ITSC > Keywords: 200510052145.j95LjfG7022312 LDM DNS The above message contained the following: > If we want to "publish" a host alias for our LDM node (both > upstream and downstream) instead of the host's canonical name, > what are best practices covering this? > > Specifically, we have a computer, thor.itsc.uah.edu, that will be > our primary LDM node. We want to tell our feed partners to use > "ldm1.itsc.uah.edu" in their allow and request lines. Eventually, > we'd like to also have "ldm2" for redundancy and load balancing. > What are the advantages or disadvantages of using a CNAME record > (ldm1 -> thor) vs a second A record (ldm1 -> thor's IP address). I'm afraid that questions is outside my area of expertise, so I've forwarded your question to our systems and network administrator. > The request part seems straightforward. How does LDM handle > permission checking for allow entries? The LDM gets the IP address of the remote host from the TCP connection. It then uses the gethostbyaddr() system call to obtain the corresponding hostname. It then searches the ALLOW entries in its configuration-file for the first entry whose host-pattern matches EITHER the IP address or the hostname. Thus, it's your choice what kind of host-patterns to use. > My experience with various protocols, especially Sun-RPC-based > ones like NFS and Legato Networker, has been fairly mixed. Most > use the result of reverse mapping the IP address (ie, PTR > records). Some will even map that name back to an IP address as a > safety check. The LDM does the former but not the latter. > Thanks. > > By the way, I tried the UCAR ultraseek search > <http://www.unidata.ucar.edu/support/help/ultraseek.html>, but it > seems to be broken. It worked for me. In what sense was it broken? > Michael McEniry > University of Alabama in Huntsville > Information Technology & Systems Center > <address@hidden> +1.256.824.5158 Regards, Steve Emmerson > NOTE: All email exchanges with Unidata User Support are recorded in the > Unidata inquiry tracking system and then made publicly available > through the web. If you do not want to have your interactions made > available in this way, you must let us know in each email you send to us.