On Wed, 29 Apr 2009, Adam Katz wrote:
> David B Funk wrote:
> > Repeat after me, ALMOST ALL characters (octets actually) are now
> > LEGAL in DNS queries (see RFC-2181 section 11).
> >
> > There is NO need for -any- kind of munging.
>
> First, you must start and end a domain label ("octet" refers to IP
> addresses) with a letter or number, so munging is still required.
> Second, DNS thrives on caching, peering, and slaves; if BIND or other
> major name servers can't handle it, it won't fly. I'm running the
> latest version of BIND and it required each of the munging steps I
> implemented (except the truncation to 16 chars, which was for
> bandwidth) in order to work.
>
> Also, some of the addresses are forged and should not be listed in the
> plain anyway. More on that in my next email announcing my md5-enabled
> list, in which I'll propose a type Z for "do not reveal this address."
>
> > host abus...@live.com.phish.icaen.uiowa.edu.
> > NO need for hashing, no collsions, etc.
>
> How about the first entry in the upstream list:
> $ host -- -helpd...@live.com
> Host -helpd...@live.com not found: 3(NXDOMAIN)
> $
>
> I guess you have to munge it.
Umm, I guess you didn't understand what the ".phish.icaen.uiowa.edu" part
of "address.phish.icaen.uiowa.edu" ment.
Try:
host -- -helpd...@live.com.phish.icaen.uiowa.edu.
Unless you've got an obsolete version of software this does work.
In bind if you use the "check-names ignore" option for that zone it
does -NOT- require munging. (I'm running mine that way, so I know
that it works.)
--
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
