[Opensim-dev] Fwd: Canonical name versus www names in Opensim (Ferd Frederix)

Fred Beckhusen fred at mitsi.com
Mon Jul 24 16:08:09 UTC 2017 

How does one solve the problem of Opensim answering to only one toplevel 
domain? Opensim supports only one Public DNS name, yet a server can be 
both TLD.com and a www.TLD.com. Or more.

For example, my problem seems to be that my system responds to both
www.Outworldz.com:9000 and Outworldz.com:9000.   There are two A records
at Dyn DNS, both pointing to the same server.    In the web site, the
web server can be told to redirect traffic to Outworldz.com with a 301
to www.Outworldz.com. But this is not possible with Opensim.

So what happens in Opensim on one of them is a failure to verify.

06:14:46 - [GATEKEEPER SERVICE]: Verifying http://outworldz.com:9000
against http://www.outworldz.com:9000
06:14:46 - [GATEKEEPER SERVICE]: Unable to verify identity of agent XX
YY. Refusing service.

I see no possible fix, except to drop the www name, which breaks all
landmarks, as people seem to want to not type the www in.

Another problem appears to be that anyone who types in
Outworldz.com:9000 pollutes the hyperlink cache on the remote system,
and they will get a failure to identify as the compare is a simple
string compare.   This link gets stuck in the remote site, and anyone
trying to get to my site will fail or get two map entries, until someone
manually clears the remote end with a unlink-region.

If I change Opensim.ini Public name to use just Outworldz.com:9000, then
the www users will get the failure to identify.  So there is a catch-22.
If I switch to the non-www, then anyone with a old hyperlink will
pollute the cache, again.

There seems to be DNS  way to forward, and there is no way to do so at
the service I use, Dyn DNS, though some vendors seem to be able to use
proprietary code to do it.

  I seem to need an alternate, fallback entry in Opensim.ini that would
also be checked to verify identity. That would solve the "failed to
verify" problem for grids that can answer to either name.

And I don't really want to re-compile it and remove the check. But that
is looking like the only solution.

So is this a Catch-22, or did I just screw it up and now need to compile
away some security?

Ferd Frederix aka Fred Beckhusen
www.Outworldz.com or Outworldz.com, choose just one :-(

More information about the Opensim-dev mailing list