Jorey Bump wrote:
Jason Noble wrote, at 09/10/2008 08:51 AM:
It was my DNS.
I am using a black list from here:
http://pgl.yoyo.org/adservers/
to block ad-servers at the dns level.
I'll have to remember this next time I have weird mail issues.
Your mail server should use a reliable, honest DNS server.
Set up a separate DNS server if you want to block ad sites for your
LAN users. I do this, but I simply make the local DNS server
authoritative for the offensive domains (or subdomains) and point them
all to the same zone file, which has no A records defined. Why anyone
would point these to 127.0.0.1 or any other IP address is beyond me.
and is even dangerous. It allows a stranger to make you do a query on a
local service. With CSRF and XSS attacks being so common these days,
this is unwise. What would happen if, say, you get to click on
http://127.0.0.1:1234/disable_firewall
?
This is also the reason why it is not recommended to put private IPs in
public DNS zones (foo.example.com -> 192.168.1.2).
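
The approach described in the thread (authoritative zones that share one zone file with no A records, rather than hosts entries pointing at 127.0.0.1), as an added example that is not from any poster. It assumes a hosts-format blocklist and BIND-style configuration syntax; the function names, the zone file path and the sample input are constructed for illustration.

```python
import ipaddress
import re

# Shared zone file (BIND syntax, assumed): SOA and NS only, no A records, so a
# query for a blocked name gets an empty answer instead of a reachable address.
EMPTY_ZONE = """$TTL 86400
@ IN SOA localhost. root.localhost. ( 1 3600 900 604800 86400 )
@ IN NS  localhost.
"""
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def valid_domain(name):
    """Accept only plain multi-label hostnames, so nothing odd reaches the config."""
    name = name.rstrip(".").lower()
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.match(l) for l in labels)

def blocked_domains(hosts_text):
    """Extract names from hosts-format lines such as "127.0.0.1 ads.example.com"."""
    found = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])      # first field must be an address
        except ValueError:
            continue
        found.update(n.rstrip(".").lower() for n in fields[1:] if valid_domain(n))
    return sorted(found)

def named_conf(domains, zone_file="/etc/bind/blocked.zone"):
    """One authoritative zone per domain, all sharing the same empty zone file."""
    return "".join(
        'zone "%s" { type master; file "%s"; };\n' % (d, zone_file) for d in domains
    )

# Constructed sample input, not taken from the real list.
SAMPLE = """127.0.0.1 ads.example.com
127.0.0.1 tracker.example.net  # trailing comment
0.0.0.0   Ads.Example.com.
127.0.0.1 localhost
127.0.0.1 bad"name;.example.org
not-an-ip ads.example.org
"""

if __name__ == "__main__":
    print(named_conf(blocked_domains(SAMPLE)), end="")
```

Single-label names such as `localhost` are rejected on purpose, so the generated configuration never takes over resolution of the local host name.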