
#62 stale addresses never updated from DNS

All
open
nobody
HIP daemon (45)
7
2011-04-27
2011-04-27
No

HIP retains stale addresses, and will not update them from DNS or /etc/hosts once the address has been resolved and added to known_host_identities.xml. Note that a workaround would be to set save_known_identities to "no" in the hip.conf file, but you would still need to restart the hip process to trigger resolution and update a stale peer address.

Below are the steps to reproduce this error:

1. Suppose host "responder" has address A in DNS, e.g. 'ping responder' works.
2. Put a bogus entry in /etc/hosts that says "responder" has address B.

3. Start HIP, with a known_host_identities.xml file containing an entry for "responder" with no address. HIP will resolve address B from /etc/hosts.

4. Attempting any connection to "responder" will fail.

5. Remove the offending address B entry from /etc/hosts. Retransmitted packets will continue to use B instead of A. Restart HIP, and HIP will continue to use address B instead of A. Now you are stuck unless you remove the address manually from known_host_identities.xml.
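
A check for the condition reported above, as an added example that is not part of the original ticket or the HIP code base: it compares each address cached in known_host_identities.xml with what the resolver returns now. The element names (`host_identity`, `name`, `addr`), the sample XML and the `fake_resolve` table are assumptions constructed for illustration; adjust them to match your file.

```python
import socket
import xml.etree.ElementTree as ET

# Constructed sample; element names (host_identity, name, addr) are assumed.
SAMPLE_XML = """<known_host_identities>
  <host_identity><name>responder</name><addr>192.0.2.66</addr></host_identity>
  <host_identity><name>initiator</name><addr>192.0.2.10</addr></host_identity>
  <host_identity><name>noaddr</name></host_identity>
</known_host_identities>"""

def system_resolve(name):
    """Addresses the system resolver (/etc/hosts, then DNS) returns right now."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def find_stale(xml_text, resolve=system_resolve):
    """Return (name, cached_addr, current_addrs) for every cached address
    that the resolver no longer returns for that name."""
    stale = []
    for entry in ET.fromstring(xml_text).iter("host_identity"):
        name = (entry.findtext("name") or "").strip()
        if not name:
            continue
        current = resolve(name)
        if not current:  # name does not resolve: nothing to compare against
            continue
        for addr in entry.findall("addr"):
            cached = (addr.text or "").strip()
            # Plain string comparison; IPv6 text forms may need normalising.
            if cached and cached not in current:
                stale.append((name, cached, sorted(current)))
    return stale

def fake_resolve(name):
    # Constructed resolver state after the bogus /etc/hosts entry is removed:
    # "responder" is back to address A (192.0.2.1), the cache still holds B.
    table = {"responder": {"192.0.2.1"}, "initiator": {"192.0.2.10"}}
    return table.get(name, set())

if __name__ == "__main__":
    for name, cached, current in find_stale(SAMPLE_XML, fake_resolve):
        print(f"{name}: cached {cached}, resolver now returns {current}")
```

Against a real file, call `find_stale(open(path).read())` so the system resolver is used; any entry it reports is one that has to be removed by hand, as step 5 describes.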
