Hi Guys, So, two questions: first, is there a version of p0f that runs under Windows? I found the Unix version and I found a Windows-port version that is not compiled (and I haven't used a real compiler in at least ten years).
Second question: what's the popular recommendation for DNS TTL nowadays? I think I reset mine many years ago after a discussion here among some other people. Thanks, Ben -----Original Message----- From: Sanford Whiteman Sent: Friday, November 23, 2012 6:01 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] MX, DNS and other weird stuff It's not really a complex setup unless you have (or had) a secondary that is capable of reloading with bad records. It shouldn't be possible to have a proper secondary that does this, as it should use either standard *XFR methods or some proprietary sync mechanism at startup to get the right records (incl serial #) from its primary. Since your tests show all of your possible NSs giving the right results when q'd directly (although you can't be sure it's 100% of the time if the secondaries are outside your control) the "good" news is now you are justified in using p0f to try to see if something is sitting in-between your Comcast boxes and the outside world. You could set up a box the just sends a barrage of queries to the Comcast NSs and pipes the p0f results to a file, then scan it after a day and see if anything looks amiss. Re: subdomain v. hostname, as mail.bcwebhost.net has an IP address assigned to it, it should be considered a hostname. If the label had only NSs,, it would be considered a subdomain that could have child hostnames. I have no idea what the Comcast dude is saying about "subdomain that has an MX." If it were a delegated subdomain, that might be notable, but it's not. One other thing: is it possible that you have a reeeeally long TTL that you set at some point that might still send people to the bad/strange server? You could have mistyped and have 30 days to wait it out.... -- S. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
