Re: Applet "codebase" to IP address resolution

Can someone please tell me the strategy(ies) used by Java (the Security
Manager or whatever) to determine if a given IP address conforms to the
definition of the codebase from which an applet was retrieved?

For example, if an Applet was loaded from mycluster.mydomain.com, and
"mycluster" was a cluster alias that was using DNS load-balancing (or
round-robin or a.n.other distribution technique) to distribute client
connections among available nodes in the cluster, could such an unsigned
applet connect a socket to *any* of the available nodes or interface
addresses?

Is the DNS translation done only once when the Object/Applet tag is
encountered and, from then on, all "codebase" checks must match that same IP
address?

Is it just an ASCII string check, so that one relative -vs- one absolute URL
specification could point to the same address yet fail the check?

But then, when it comes to UDP messages arriving at an Applet's socket, when
only the IP address is available, what criteria is used to say "Hey, did
this message come from my codebase?

Is the equivalent a C gethostent() call performed, and *all* alias addresses
and names are checked to say "It's in there somewhere"? (This would be nice
:-)