how does one/could one go about determining if an IP Address is actually

given that the whole initial assumption of the internet/dns is that a dns
server wnats to return honest information, i can start to see what happens
if this assumption breaks down. but if i could 'poll' a sampling of dns
servers for a given URL/Ip Address, shouldn't i be able to more or less
determine if the address that i'm generating for the URL is 'valid'. and
yeah, i'm willing to assume that a URL could have multiple 'valid' IP

but if i poll 500-1000 DNS servers for a given IP Address, shouldn't i start
to see patterns that tell me what the valid IP addresses are for the URL, so
that an address that gets returned to me (or a false one that's hard coded)
could be identified as being false...




-----Original Message-----
From: []On
Behalf Of Barry Margolin
Sent: Saturday, April 09, 2005 7:42 AM
Subject: Re: pharming.. dns cache insertion...

In article ,
Brad Knowles wrote:

> At 2:02 PM -0700 2005-04-08, bruce wrote:
> > i got to thinking about this after your 1st email... my basic question

> > is there a list/compilation of valid IP addresses, taking into account

> > the list is completely dynamic.. has anyone tried to compile such a

> > how the hell would you even do it?

> With regards to individual IP addresses, that's not possible.
> Among other things, a given IP address range may be validly assigned
> to someone, but they may allocate IP addresses out of that range on a
> dynamic basis to their clients. Assuming their range is not
> completely full, there will always be some addresses which are not
> currently assigned -- but you never know which ones.

From the context, I'm pretty sure he was asking about valid IP address
of authoritative DNS servers, not valid IP addresses in general.

Barry Margolin,
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***