On Wed, 2008-09-10 at 16:35 +0200, mouss wrote:
> Jorey Bump wrote:
> > Jason Noble wrote, at 09/10/2008 08:51 AM:
> >> It was my DNS.
> >> I am using a black list from here:
> >> http://pgl.yoyo.org/adservers/
> >> to block ad-servers at the dns level.
> >>
> >> I'll have to remember this next time I have weird mail issues.
> >
> > Your mail server should use a reliable, honest DNS server.
> >
> > Set up a separate DNS server if you want to block ad sites for your
> > LAN users. I do this, but I simply make the local DNS server
> > authoritative for the offensive domains (or subdomains) and point them
> > all to the same zone file, which has no A records defined. Why anyone
> > would point these to 127.0.0.1 or any other IP address is beyond me.
> >
> >
>
> and is even dangerous. it allows a stranger to make you do a query on a
> local service. with FCSR and XSS attacks being so common these days,
> this is unwise. What would happen if say you get to click on
> http://127.0.0.1:1234/disable_firewall
> ?
>
> this is also the reason why it is not recommended to put private IPs in
> public dns zones (foo.example.com -> 192.168.1.2).
>
>
What about just pointing to 0.0.0.0?
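
An added example, not part of the original thread: a small audit of a hosts-format ad-blocking list that reports which kind of sink address each blocked name points to, so entries mapped to loopback or private addresses (the cases raised above) can be located. The sample list, its domains and the function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges, checked explicitly so the result does not depend on how
# a given Python version defines ip.is_private.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in hosts-file format; not taken from any real list.
SAMPLE_BLOCKLIST = """\
# constructed sample
127.0.0.1   ads.example.com
0.0.0.0     tracker.example.net
192.168.1.2 foo.example.com   # private address in a name mapping
::1         banner.example.org
203.0.113.7 cdn.example.com
not-an-ip   broken.example.com
"""

def classify(addr):
    """Return the kind of address a blocked name is pointed at."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip.is_unspecified:          # 0.0.0.0 or ::
        return "unspecified"
    if ip.is_loopback:             # 127.0.0.0/8 or ::1
        return "loopback"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "private"
    return "other"

def audit(text):
    """Yield (line number, hostname, address, kind) for every mapping."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue                            # blank or comment-only line
        kind = classify(fields[0])
        for host in fields[1:]:                 # one address, many names
            findings.append((lineno, host, fields[0], kind))
    return findings

if __name__ == "__main__":
    for lineno, host, addr, kind in audit(SAMPLE_BLOCKLIST):
        print(f"line {lineno}: {host} -> {addr} [{kind}]")
```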