RE: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT Illegal

2009-01-30 Thread Ben Bridges
The authoritative name servers for nullmx.domainmanager.com are
ns1.domainmanager.com and ns2.domainmanager.com.  They are domain
parking name servers.  They return 64.40.103.249 (or at least something
close to that) to the query for any A record.  The real address of
mta.dewile.net is 69.59.189.80 (as supplied by ns1.alices-registry.com,
one of the authoritative name servers for dewile.net).



 -Original Message-
 From: bind-users-boun...@lists.isc.org 
 [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Al Stu
 Sent: Friday, January 30, 2009 12:33 AM
 To: bind-users@lists.isc.org
 Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records 
 are NOT Illegal
 
 Analyze this.
 
 
 
 Query MX dns.com
 
 Response MX nullmx.domainmanager.com
 
 
 
 Query A nullmx.domainmanager.com
 
 Response CNAME mta.dewile.net, A 64.40.103.249
 
 
 
 See attached network trace.
 
 
 
 
 
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT Illegal

2009-01-30 Thread Michael Milligan
You just don't get it.  You are off wandering around in the weeds.

Read the tail end of Chapter 5 in the book DNS and BIND describing the
MX selection algorithm in layman's terms to (perhaps) understand why
having MX records referencing CNAMEs is bad.

It may work right now for you, but referencing CNAMEs in MX records
eventually _will_ cause delivery loops the next time you accidentally
fat-finger a config.  If you continue to be hard-headed about this and
not listen to the 100s of years of collective wisdom dispensed, then go
ahead and leave yourself set up for a potential DoS against yourself,
we're not going to stop you...  and we're not going to feel sorry for
you either.

FIN

Regards,
Mike

Al Stu wrote:
 Analyze this.
 
 Query MX dns.com
 
 Response MX nullmx.domainmanager.com
 
 Query A nullmx.domainmanager.com
 
 Response CNAME mta.dewile.net, A 64.40.103.249
 

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Bind-9.5.1 logging

2009-01-30 Thread Peter Fraser
Hi All

I'm trying to configure bind-9.5 logging to help troubleshoot a
problem. I put this in named.conf

logging {
channel myfile {
file /etc/namedb/dns.log;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel myfile-security {
file /etc/namedb/dns-security.log;
severity info;
};
category update { myfile; };
category security { myfile-security; };
};

I then run rndc trace, but the log files stay empty. What could I be
doing wrong?
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: where is libbind???

2009-01-30 Thread Evan Hunt
 I would like to request that libbind install a pkg-config file (perhaps 
 $prefix/lib/pkgconfig/libbind.pc).

Thanks.  libbind-b...@isc.org and libbind-sugg...@isc.org would be the
best places to send bug reports and suggestions, though, so we can keep
track of them.

--
Evan Hunt -- evan_h...@isc.org
Internet Systems Consortium, Inc.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT Illegal

2009-01-30 Thread Al Stu


History is fraught with individuals or a few being ridiculed for putting 
forth that which goes against the conventional wisdom of the masses and so 
called experts, only to be vindicated once the masses and so called experts 
get their head out where the sun is shining and exposed to the light of day.


Once upon a time the world was 'flat'.  For some of you, apparently is still 
is 'flat'.


- Original Message - 
From: Michael Milligan mi...@acmeps.com

To: Al Stu al_...@verizon.net
Cc: bind-users@lists.isc.org
Sent: Friday, January 30, 2009 10:20 AM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT 
Illegal




You just don't get it.  You are off wandering around in the weeds.

Read the tail end of Chapter 5 in the book DNS and BIND describing the
MX selection algorithm in layman's terms to (perhaps) understand why
having MX records referencing CNAMEs is bad.

It may work right now for you, but referencing CNAMEs in MX records
eventually _will_ cause delivery loops the next time you accidentally
fat-finger a config.  If you continue to be hard-headed about this and
not listen to the 100s of years of collective wisdom dispensed, then go
ahead and leave yourself set up for a potential DoS against yourself,
we're not going to stop you...  and we're not going to feel sorry for
you either.

FIN

Regards,
Mike

Al Stu wrote:

Analyze this.

Query MX dns.com

Response MX nullmx.domainmanager.com

Query A nullmx.domainmanager.com

Response CNAME mta.dewile.net, A 64.40.103.249





___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT Illegal

2009-01-30 Thread Noel Butler
On Sat, 2009-01-31 at 16:55, Al Stu wrote:

 History is fraught with individuals or a few being ridiculed for putting 
 forth that which goes against the conventional wisdom of the masses and so 


You don't get to speak for anyone else but yourself,  just because you
believe in your own trolling, don't assume agree with you, let alone
masses of others


___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT Illegal

2009-01-30 Thread Danny Thomas

Al Stu wrote:
History is fraught with individuals or a few being ridiculed for 
putting forth that which goes against the conventional wisdom of the 
masses and so called experts, only to be vindicated once the masses 
and so called experts get their head out where the sun is shining and 
exposed to the light of day.


Once upon a time the world was 'flat'.  For some of you, apparently is 
still is 'flat'.

and for every Einstein, Columbus, etc, there have been untold people whose
beliefs were not accepted. So whenever I see this line of argument 
advanced in a
simplistic way, particularly with a hint of an heroic struggle against 
orthodoxy,
I can't help thinking that the odds of heretical views being 
vindicated is pretty low.

One belief yet to be accepted is the existence of Martian sand whales.

*really plonk*


___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users