Am 25.11.2015 um 14:41 schrieb RW:
On Wed, 25 Nov 2015 12:32:59 +0100 Matthias Apitz wrote:I think we can close this thread now :-)IIWY I'd still use the Botnet plugin. The absence of reverse DNS gives you three problem: 1. You have no test for the absence of rDNS
why that when SA makes the dns request itself?in fact in that case you *really* have the capability to distinct between absence (NXDOMAIN) or dns-error which you don#t have by parsing headers with no clue where the "unknown" is coming from
2. You have no test for the absence of full-circle DNS
should be possible
3. You have no test for dynamic rDNS
why that when SA makes the dns request and so have a rDNS?
If I'm understanding it correctly, the patch only fixes 1, Botnet fixes all three
honestly SA should by making the rDNS request itself be able to just act identically as if it was error prone parsed out of headers which did not contain the information what is why it's done directly
signature.asc
Description: OpenPGP digital signature
