Solved Is DNS jealous?

Is there any reason why I can't just type in an IP address and skip the DNS server? I've been trying, but it won't work. Thanks!

How would your computer know how to get to anywhere?

broe23 said:

How would your computer know how to get to anywhere?

Click to expand...

Because I would type 434.76.936.665, or http://434.76.936.665, and I wouldn't need DNS in that particular case. ?

You can sometimes. For example you can access Google directly by going to Google (<--- that is an IP address, but this website automatically changes it to say 'Google').

However a web server can host more than one website at an IP address. Therefore quite often an IP address alone isn't enough to tell the server what domain you're trying to visit at that IP address/port. I'm not a computer techie, however unless I'm mistaken Eight Forums for example has 12 other domains listed at the same IP address, but when you type the actual name into your address bar it will know what site you're requesting at that IP address because in the HTTP 'Get' request it will have 'Host: www.eightforums.com'

PS: In your example, http://434.76.936.665 could never work because IP4 addresses can only go up to 255.255.255.255.

ARC1020 said:

You can sometimes. For example you can access Google directly by going to Google (<--- that is an IP address, but this website automatically changes it to say 'Google').

However a web server can host more than one website at an IP address. Therefore quite often an IP address alone isn't enough to tell the server what domain you're trying to visit at that IP address/port. I'm not a computer techie, however unless I'm mistaken Eight Forums for example has 12 other domains listed at the same IP address, but when you type the actual name into your address bar it will know what site you're requesting at that IP address because in the HTTP 'Get' request it will have 'Host: www.eightforums.com'

PS: In your example, http://434.76.936.665 could never work because IP4 addresses can only go up to 255.255.255.255.

Click to expand...

Thanks! (that IP was off the cuff, I forgot they don't go that high.) An interesting thing happened when I plugged in the numeric address for grc. It told me the certificate didn't match the address, but when I plugged in Home of Gibson Research Corporation, it went straight through and loaded the site. Isn't that a huge security flaw? Shouldn't the cert be matched to the numeric address?

The error you see is SSL working correctly, by warning you of a certificate mismatch.

If you go to https://4.79.142.200 (IP address for GRC.com), the HTTPS denotes that you're requesting a secure site, but the SSL certificate is only valid for the Common Name (CN) in the 'Subject' field and the DNS Names in the 'Subject Alternative Names' field of the certificate (in this case grc.com, www. grc.com and media.grc.com).

Because the IP address you entered in the address bar doesn't match any of those names, you get a certificate mismatch and a warning telling you that the address in your address bar and the addresses that are on the SSL certificate are different. Technically I don't see why a website owner couldn't have an IP address on a certificate providing there's only one website at that IP address, but I can't really think of a reason to do so for ordinary websites because everyone uses domain names rather than IP addresses to access them.