----- Original Message -----
From: "Greg White" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 05, 2001 6:06 PM
Subject: Re: Hotmail, CNAME lookup failure, zone transfer...WTF?

> Snort is lying. tcpdump is being misunderstood* by someone who doesn't
> understand the DNS protocol -- and who is being rude to someone who is trying
> to help as a result.

It was not my intention to be rude. If I were - I am sorry.

> I'm sure it does too. Connections on port 53/TCP _do not_ have to be
> zone transfer requests. RTFM, RFC 1035. Sounds like your qmail might
> require the big-dns patch.** You should be able to find it on the qmail
> home page.

This is a big lesson for me. You are 100% right. I thought DNS queries always go as UDP packets :)

>
> ** Odd, though, as my queries for hotmail MX records show 504 bytes,
> inside the limit for UDP....They seem to have intentionally stayed
> inside this limit, on purpose. Could we see the results of (both or
> either):
>
> dig mx hotmail.com @ns1.hotmail.com
> dnsq mx hotmail.com ns1.hotmail.com

This is a different story. Both dig and dnsq show 504 bytes. I attach a full output.

Thanks,

Marek

; <<>> DiG 8.3 <<>> mx hotmail.com @ns1.hotmail.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 12, AUTHORITY: 5, ADDITIONAL: 8
;; QUERY SECTION:
;; hotmail.com, type = MX, class = IN

;; ANSWER SECTION:
hotmail.com. 1H IN MX 10 mc3.law13.hotmail.com.
hotmail.com. 1H IN MX 10 mc4.law13.hotmail.com.
hotmail.com. 1H IN MX 10 mc5.law13.hotmail.com.
hotmail.com. 1H IN MX 10 mc6.law13.hotmail.com.
hotmail.com. 1H IN MX 10 mc4.law5.hotmail.com.
hotmail.com. 1H IN MX 10 mc5.law5.hotmail.com.
hotmail.com. 1H IN MX 10 mc6.law5.hotmail.com.
hotmail.com. 1H IN MX 10 mc7.law5.hotmail.com.
hotmail.com. 1H IN MX 10 mc1.law5.hotmail.com.
hotmail.com. 1H IN MX 10 mc2.law5.hotmail.com.
hotmail.com. 1H IN MX 10 mc1.law13.hotmail.com.
hotmail.com. 1H IN MX 10 mc2.law13.hotmail.com.

;; AUTHORITY SECTION:
hotmail.com. 1H IN NS ns1.hotmail.com.
hotmail.com. 1H IN NS ns2.hotmail.com.
hotmail.com. 1H IN NS ns3.hotmail.com.
hotmail.com. 1H IN NS ns4.hotmail.com.
hotmail.com. 1H IN NS ns1.jsnet.com.

;; ADDITIONAL SECTION:
mc3.law13.hotmail.com. 6m40s IN A 64.4.49.135
mc4.law13.hotmail.com. 6m40s IN A 64.4.49.199
mc5.law13.hotmail.com. 6m40s IN A 64.4.50.7
mc6.law13.hotmail.com. 6m40s IN A 64.4.50.71
mc4.law5.hotmail.com. 6m40s IN A 64.4.56.135
mc5.law5.hotmail.com. 6m40s IN A 64.4.56.199
mc6.law5.hotmail.com. 6m40s IN A 64.4.55.7
mc7.law5.hotmail.com. 6m40s IN A 64.4.42.7

;; Total query time: 822 msec
;; FROM: blackhole to SERVER: ns1.hotmail.com 216.200.206.140
;; WHEN: Thu Jul 5 18:50:28 2001
;; MSG SIZE sent: 29 rcvd: 504

----------------------------------------------------------------------------------------

15 hotmail.com:
504 bytes, 1+12+5+8 records, response, authoritative, noerror
query: 15 hotmail.com
answer: hotmail.com 3600 MX 10 mc3.law13.hotmail.com
answer: hotmail.com 3600 MX 10 mc4.law13.hotmail.com
answer: hotmail.com 3600 MX 10 mc5.law13.hotmail.com
answer: hotmail.com 3600 MX 10 mc6.law13.hotmail.com
answer: hotmail.com 3600 MX 10 mc4.law5.hotmail.com
answer: hotmail.com 3600 MX 10 mc5.law5.hotmail.com
answer: hotmail.com 3600 MX 10 mc6.law5.hotmail.com
answer: hotmail.com 3600 MX 10 mc7.law5.hotmail.com
answer: hotmail.com 3600 MX 10 mc1.law5.hotmail.com
answer: hotmail.com 3600 MX 10 mc2.law5.hotmail.com
answer: hotmail.com 3600 MX 10 mc1.law13.hotmail.com
answer: hotmail.com 3600 MX 10 mc2.law13.hotmail.com
authority: hotmail.com 3600 NS ns1.hotmail.com
authority: hotmail.com 3600 NS ns2.hotmail.com
authority: hotmail.com 3600 NS ns3.hotmail.com
authority: hotmail.com 3600 NS ns4.hotmail.com
authority: hotmail.com 3600 NS ns1.jsnet.com
additional: mc3.law13.hotmail.com 400 A 64.4.49.135
additional: mc4.law13.hotmail.com 400 A 64.4.49.199
additional: mc5.law13.hotmail.com 400 A 64.4.50.7
additional: mc6.law13.hotmail.com 400 A 64.4.50.71
additional: mc4.law5.hotmail.com 400 A 64.4.56.135
additional: mc5.law5.hotmail.com 400 A 64.4.56.199
additional: mc6.law5.hotmail.com 400 A 64.4.55.7
additional: mc7.law5.hotmail.com 400 A 64.4.42.7
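
An added example, not part of the original message or of any tool named in the thread: a small classifier showing why traffic on port 53/TCP is not necessarily a zone transfer. It reads the 2-byte length prefix that DNS uses over TCP, parses the first question, and reports a zone transfer only when the QTYPE is AXFR or IXFR. All function names are hypothetical, and the sample queries are constructed inline by `build_query`.

```python
import struct

AXFR, IXFR, MX = 252, 251, 15  # QTYPE values (RFC 1035; IXFR from RFC 1995)
QR_BIT = 0x8000                # set in the header flags of a response

def build_query(name, qtype, msg_id=0x1234):
    """Build a minimal DNS query; used here only to construct sample input."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def tcp_frame(msg):
    """DNS over TCP prefixes every message with a 2-byte length field."""
    return struct.pack("!H", len(msg)) + msg

def parse_question(msg):
    """Return (flags, qname, qtype) for the first question in a DNS message."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("short DNS header or no question section")
    flags = struct.unpack("!H", msg[2:4])[0]
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(msg):
            raise ValueError("bad label in question name")
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return flags, ".".join(labels), qtype

def classify_tcp_payload(payload):
    """Label the first DNS message seen in a 53/TCP stream."""
    if len(payload) < 2:
        raise ValueError("missing length prefix")
    (length,) = struct.unpack("!H", payload[:2])
    if len(payload) - 2 < length:
        raise ValueError("incomplete DNS message")
    flags, qname, qtype = parse_question(payload[2:2 + length])
    if flags & QR_BIT:
        return "response", qname, qtype
    kind = "zone-transfer request" if qtype in (AXFR, IXFR) else "ordinary query"
    return kind, qname, qtype
```

The constructed MX query for hotmail.com is 29 bytes, the same size as the "MSG SIZE sent: 29" line in the dig output above.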
