James Stevens <[EMAIL PROTECTED]> wrote:
> > > > It doesn't. snort is lying -- don't worry, it lies about a lot of
> > > > other things, too. Take everything snort says with a grain of salt.
> >
> > > Snort is just a tool, and my previous post was about qmail, not snort :)
> > > Snort is not lying. You think it took the packet dump out of the blue
> > > sky? I also ran tcpdump and it says the same. Is tcpdump also lying?
> >
> > No. There's no zone transfer happening. The worst case is Hotmail went
> > over the 512-byte UDP DNS response limit, and the resolver is therefore
> > trying to do a TCP query instead. This is not a zone transfer, but snort
> > reports it as such.
> No, I show them well under the 512 limit.. Even then if the 'bigtodo-dns' I
> believe it's called is installed then what does it matter???
"bigdns" is the patch you're talking about. It matters in certain
circumstances. Perhaps your local dns resolver is broken, or it forwards to
another broken resolver. Perhaps Hotmail's load-balanced and distributed DNS
is giving slightly different answers there than here.
Regardless, you were very rude above. What we're telling you is the truth;
please accept it, don't abuse those supplying the answers.
> I am correct right?
Sadly, no.
Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
-----------------------------------------------------------------------
