Matt Kettler wrote:
Giampaolo Tomassoni wrote:
It doesn't use whois *instead of* dns. It uses both and attempts even to
detect any discrepancy between their responses.
How are these going to be different?? The information published to
whois has to match the information published to the authoritative DNS
servers for the TLD the domain falls under.
I guess you could send a request to one of the servers for the domain
and ask for a NS record. But that's asking for a DoS. You could also
still do it a lot more efficiently by sending one to the authority for
the TLD, and one to the domain server.
Ahh, I see what you're doing, you're looking up the SOA. Which is
basically forcing the query down to the spammer's DNS server, and
opening yourself up for a DoS attack.
hint: a malicious spammer could fill an email with domains that point
to a server which generates really slow responses to your SOA queries,
bogging your server down with DNS timeouts. This is the whole reason
why nothing in SA ever does an "A" record lookup on URIs. Doing a SOA
lookup isn't quite as bad, as it would take many domains instead of many
hosts, but it's still the same concept.
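The DoS concern Matt raises above (a message stuffed with domains whose name servers answer slowly) is the usual reason per-URI lookups are bounded rather than unlimited. The following is an added example, not code from this thread or from SpamAssassin: it extracts the hostnames from a message body, collapses them to one query per registrable domain, and then enforces both a cap on the number of lookups and a wall-clock budget for the whole message, so a slow or unresponsive server can cost at most one per-query timeout. The resolver and clock are injected; the fake resolver and the two-label `registrable_domain()` reduction are constructed stand-ins (a real deployment would use a public-suffix list and a DNS library with per-query timeouts).

```python
import re
import time
from collections import OrderedDict

# Matches http(s) URIs and captures the hostname (constructed, deliberately simple).
URI_RE = re.compile(r'https?://([A-Za-z0-9.-]+)', re.I)


def extract_hosts(body):
    """Unique hostnames from http(s) URIs in a message body, in first-seen order."""
    seen = OrderedDict()
    for m in URI_RE.finditer(body):
        seen.setdefault(m.group(1).lower().rstrip('.'), None)
    return list(seen)


def registrable_domain(host):
    """Crude reduction to the last two labels (hypothetical stand-in for a public-suffix lookup)."""
    labels = host.split('.')
    return '.'.join(labels[-2:]) if len(labels) >= 2 else host


def budgeted_soa_lookup(hosts, resolver, max_queries=5, time_budget=2.0,
                        per_query_timeout=0.5, clock=time.monotonic):
    """Look up at most max_queries registrable domains within time_budget seconds.

    resolver(domain, timeout) returns an answer or raises TimeoutError.
    Returns (results, skipped): results maps domain -> answer or None on timeout;
    skipped lists domains never queried because a limit was reached.
    """
    results = {}
    skipped = []
    deadline = clock() + time_budget
    queried = 0
    for host in hosts:
        domain = registrable_domain(host)
        if domain in results:
            continue  # many hosts under one domain cost only one query
        remaining = deadline - clock()
        if queried >= max_queries or remaining <= 0:
            skipped.append(domain)
            continue
        queried += 1
        try:
            # Never wait longer than what is left of the per-message budget.
            results[domain] = resolver(domain, min(per_query_timeout, remaining))
        except TimeoutError:
            results[domain] = None
    return results, skipped


class FakeClock:
    """Constructed clock so the demo runs offline and deterministically."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def make_fake_resolver(clock, slow_domains):
    """Constructed resolver: slow domains burn the full timeout, others answer at once."""
    def resolver(domain, timeout):
        if domain in slow_domains:
            clock.now += timeout
            raise TimeoutError(domain)
        clock.now += 0.01
        return f"ns1.{domain}. hostmaster.{domain}."  # constructed SOA-like answer
    return resolver


def demo():
    # Constructed message: two hosts under one domain, six slow domains, one good one.
    body = ("click http://a1.bad.example/x http://a2.bad.example/y "
            "http://slow1.example/ http://slow2.example/ http://slow3.example/ "
            "http://slow4.example/ http://slow5.example/ http://slow6.example/ "
            "http://ok.example/")
    hosts = extract_hosts(body)
    clock = FakeClock()
    slow = {f"slow{i}.example" for i in range(1, 7)}
    results, skipped = budgeted_soa_lookup(
        hosts, make_fake_resolver(clock, slow),
        max_queries=4, time_budget=1.5, per_query_timeout=0.5, clock=clock)
    return hosts, results, skipped, clock.now


if __name__ == "__main__":
    hosts, results, skipped, elapsed = demo()
    print(f"{len(hosts)} hosts, {len(results)} queried, {len(skipped)} skipped, {elapsed:.2f}s spent")
```

With the limits above, nine hosts turn into four queries and 1.5 simulated seconds of waiting, regardless of how many slow domains the sender packs in; without the cap and budget the same message would cost one full timeout per domain.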