RE: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"
The authoritative name servers for nullmx.domainmanager.com are ns1.domainmanager.com and ns2.domainmanager.com. They are domain parking name servers. They return 64.40.103.249 (or at least something close to that) to the query for any A record. The real address of mta.dewile.net is 69.59.189.80 (as supplied by ns1.alices-registry.com, one of the authoritative name servers for "dewile.net"). > -Original Message- > From: bind-users-boun...@lists.isc.org > [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Al Stu > Sent: Friday, January 30, 2009 12:33 AM > To: bind-users@lists.isc.org > Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records > are NOT "Illegal" > > Analyze this. > > > > Query MX dns.com > > Response MX nullmx.domainmanager.com > > > > Query A nullmx.domainmanager.com > > Response CNAME mta.dewile.net, A 64.40.103.249 > > > > See attached network trace. > > > > > ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"
You just don't get it. You are off wandering around in the weeds. Read the tail end of Chapter 5 in the book "DNS and BIND" describing the MX selection algorithm in layman's terms to (perhaps) understand why having MX records referencing CNAMEs is bad. It may work right now for you, but referencing CNAMEs in MX records eventually _will_ cause delivery loops the next time you accidentally fat-finger a config. If you continue to be hard-headed about this and not listen to the 100s of years of collective wisdom dispensed, then go ahead and leave yourself set up for a potential DoS against yourself, we're not going to stop you... and we're not going to feel sorry for you either. FIN Regards, Mike Al Stu wrote: > Analyze this. > > Query MX dns.com > > Response MX nullmx.domainmanager.com > > Query A nullmx.domainmanager.com > > Response CNAME mta.dewile.net, A 64.40.103.249 > ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"
Michael Milligan wrote: > You just don't get it. You are off wandering around in the weeds. > > Read the tail end of Chapter 5 in the book "DNS and BIND" describing the > MX selection algorithm in layman's terms to (perhaps) understand why > having MX records referencing CNAMEs is bad. > > It may work right now for you, but referencing CNAMEs in MX records > eventually _will_ cause delivery loops the next time you accidentally > fat-finger a config. If you continue to be hard-headed about this and > not listen to the 100s of years of collective wisdom dispensed, then go > ahead and leave yourself set up for a potential DoS against yourself, > we're not going to stop you... and we're not going to feel sorry for > you either. There are plenty of ways to get a mail loop that don't involve DNS mis-configuration. As such pretty much every major MTA detects and stops mail loops. So mail loops are a non-issue ... next? ds > FIN > > Regards, > Mike > > Al Stu wrote: >> Analyze this. >> >> Query MX dns.com >> >> Response MX nullmx.domainmanager.com >> >> Query A nullmx.domainmanager.com >> >> Response CNAME mta.dewile.net, A 64.40.103.249 >> > > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Environmental thought: print this email in triplicate! (ygolohcysp esrever) ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Bind-9.5.1 logging
Hi All
I'm trying to configure bind-9.5 logging to help troubleshoot a
problem. I put this in named.conf
logging {
channel myfile {
file "/etc/namedb/dns.log";
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel myfile-security {
file "/etc/namedb/dns-security.log";
severity info;
};
category update { myfile; };
category security { myfile-security; };
};
I then run rndc trace, but the log files stay empty. What could I be
doing wrong?
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: where is libbind???
Mark Andrews wrote: The release announcement for libbind-6.0b1 should be out shortly. The whole process took a bit longer than we were expecting. We were trying to get libbind out before BIND 9.6.0 got out. Mark Mark I would like to request that libbind install a pkg-config file (perhaps $prefix/lib/pkgconfig/libbind.pc). Regards, Chris Hills ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: where is libbind???
> I would like to request that libbind install a pkg-config file (perhaps > $prefix/lib/pkgconfig/libbind.pc). Thanks. libbind-b...@isc.org and libbind-sugg...@isc.org would be the best places to send bug reports and suggestions, though, so we can keep track of them. -- Evan Hunt -- evan_h...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"
History is fraught with individuals or a few being ridiculed for putting forth that which goes against the conventional wisdom of the masses and so called experts, only to be vindicated once the masses and so called experts get their head out where the sun is shining and exposed to the light of day. Once upon a time the world was 'flat'. For some of you, apparently is still is 'flat'. - Original Message - From: "Michael Milligan" To: "Al Stu" Cc: Sent: Friday, January 30, 2009 10:20 AM Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal" You just don't get it. You are off wandering around in the weeds. Read the tail end of Chapter 5 in the book "DNS and BIND" describing the MX selection algorithm in layman's terms to (perhaps) understand why having MX records referencing CNAMEs is bad. It may work right now for you, but referencing CNAMEs in MX records eventually _will_ cause delivery loops the next time you accidentally fat-finger a config. If you continue to be hard-headed about this and not listen to the 100s of years of collective wisdom dispensed, then go ahead and leave yourself set up for a potential DoS against yourself, we're not going to stop you... and we're not going to feel sorry for you either. FIN Regards, Mike Al Stu wrote: Analyze this. Query MX dns.com Response MX nullmx.domainmanager.com Query A nullmx.domainmanager.com Response CNAME mta.dewile.net, A 64.40.103.249 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"
On Sat, 2009-01-31 at 16:55, Al Stu wrote: > History is fraught with individuals or a few being ridiculed for putting > forth that which goes against the conventional wisdom of the masses and so You don't get to speak for anyone else but yourself, just because you believe in your own trolling, don't assume agree with you, let alone "masses" of others ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"
Al Stu wrote: History is fraught with individuals or a few being ridiculed for putting forth that which goes against the conventional wisdom of the masses and so called experts, only to be vindicated once the masses and so called experts get their head out where the sun is shining and exposed to the light of day. Once upon a time the world was 'flat'. For some of you, apparently is still is 'flat'. and for every Einstein, Columbus, etc, there have been untold people whose beliefs were not accepted. So whenever I see this line of argument advanced in a simplistic way, particularly with a hint of an heroic struggle against orthodoxy, I can't help thinking that the odds of "heretical views" being vindicated is pretty low. One belief yet to be accepted is the existence of Martian sand whales. *really plonk* ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
