Folks,
One piece of feedback we received multiple times after the addition of
the wildcard A record to the .com/.net zones concerned snubby, our
SMTP mail rejection server. This server was designed to be the most
modest of SMTP implementations and supported only the most common
sequence of SMTP
At 02:01 PM 9/20/2003, Matt Larson wrote:
In response to this feedback, we have deployed an alternate SMTP
implementation using Postfix that should address many of the concerns
we've heard. Like snubby, this server rejects any mail sent to it (by
returning 550 in response to any number of RCPT TO
> One piece of feedback we received multiple times after the
> addition of the wildcard A record to the .com/.net zones
> concerned snubby, our SMTP mail rejection server.
Did you miss the other pieces of feedback about how wildcard records in .com
and .net are simply a bad idea for numerous r
On Sat, Sep 20, 2003 at 02:16:34PM -0400, Dave Stewart wrote:
> >implementation using Postfix that should address many of the concerns
> >we've heard. Like snubby, this server rejects any mail sent to it (by
> >returning 550 in response to any number of RCPT TO commands).
>
> ICANN has requeste
On Sat, 20 Sep 2003, Matt Larson wrote:
>
> Folks,
>
> One piece of feedback we received multiple times after the addition of
> the wildcard A record to the .com/.net zones concerned snubby, our
> SMTP mail rejection server. This server was designed to be the most
> modest of SMTP implementation
Oh come on people, this guy *implements* stuff. Here he is on the list
describing how he has implemented something to alleviate the problems
caused by PHBs at Verisign.
ISC bind mods, ICANN displeasure, and other sources of pressure will
either remove this issue or make it irrelevant.
Rath
> We are interested in feedback on the best way within the SMTP protocol
> to definitively reject mail at these servers. One alternate option we
> I would welcome feedback on these options sent to me privately or the
> list; I will summarize the former.
OK feedback, I suggest you withdraw
> On Sat, 20 Sep 2003, Matt Larson wrote:
>> One piece of feedback we received multiple times after the addition of
>> the wildcard A record to the .com/.net zones concerned snubby, our
[..]
* [EMAIL PROTECTED] (ken emery) [Sat 20 Sep 2003, 20:35 CEST]:
> I think you haven't "gotten it". I'm get
On Sat, 20 Sep 2003, neal rauhauser wrote:
> Oh come on people, this guy *implements* stuff. Here he is on the list
> describing how he has implemented something to alleviate the problems
> caused by PHBs at Verisign.
He is a representative of Verisign and asked for feedback. He
has gotten som
While 550 may be the proper answer for a domain that does not exist, it
is an improper answer for a domain that does exist but that is not
included in the zone for some reason. Verisign is not the owner of the
domain and, as such, has no right to discard mail destined for that
domain. Mail
[EMAIL PROTECTED] (Matt Larson) writes:
> We are interested in feedback on the best way within the SMTP protocol
> to definitively reject mail at these servers. One alternate option we
> are considering is rejecting the SMTP transaction by returning a 554
> response code as described in Section
On Sat, Sep 20, 2003 at 11:34:17AM -0700, ken emery wrote:
> I think you haven't "gotten it". I'm getting the message from you that
> the changes made to the com and net gTLD's are fait accompli. From the
That's the exact message I got from Verisign on Thursday. See:
http://news.com.com/2100-10
Is it possible for the client resolver code to distinguish between a
wildcard answer and an explicit answer? Or would that require another
flag passed between the client and a recursive name server?
If this was available, mail clients and other things interested
in the specific domain n
> Is it possible for the client resolver code to distinguish between a
> wildcard answer and an explicit answer?
no.
> If this was available, mail clients and other things
> interested in the specific domain name could get the answers they
> want. While other stuff would get the wildca
on 9/20/2003 1:01 PM Matt Larson wrote:
> We are interested in feedback on the best way within the SMTP protocol
> to definitively reject mail at these servers.
You need to:
1) fatally reject mail for domains that are not delegated with 5xx
-and-
2) softly reject mail for domains that are
on 9/20/2003 3:01 PM Sean Donelan wrote:
> Is it possible for the client resolver code to distinguish between a
> wildcard answer and an explicit answer? Or would that require another
> flag passed between the client and a recursive name server?
>
> If this was available, mail client
On 9/20/03 3:39 PM, "Roy" <[EMAIL PROTECTED]> wrote:
> While 550 may be the proper answer for a domain that does not exist, it
> is an improper answer for a domain that does exist but that is not
> included in the zone for some reason. Verisign is not the owner of the
> domain and, as such, has
Correction:
They need to pull themselves out of the loop on this and allow DNS
to work as intended.
Owen
--On Saturday, September 20, 2003 3:06 PM -0500 "Eric A. Hall"
<[EMAIL PROTECTED]> wrote:
on 9/20/2003 1:01 PM Matt Larson wrote:
We are interested in feedback on the best way wit
Declan McCullagh wrote:
On Sat, Sep 20, 2003 at 11:34:17AM -0700, ken emery wrote:
I think you haven't "gotten it". I'm getting the message from you that
the changes made to the com and net gTLD's are fait accompli. From the
That's the exact message I got from Verisign on Thursday. See:
> Declan McCullagh wrote:
>
> >On Sat, Sep 20, 2003 at 11:34:17AM -0700, ken emery wrote:
> >
> >
> >>I think you haven't "gotten it". I'm getting the message from you that
> >>the changes made to the com and net gTLD's are fait accompli. From the
> >>
> >>
> >
> >That's the exact message
On Sat, Sep 20, 2003 at 02:01:39PM -0400, Matt Larson wrote:
[snip]
> We are interested in feedback on the best way within the SMTP protocol
> to definitively reject mail at these servers. One alternate option we
[snip]
Wrong protocol. There should be *NO* SMTP transactions for
non-existent d
On Sat, Sep 20, 2003 at 06:06:06PM -0500, David A. Ulevitch wrote:
> There are plenty of hardworking people at good companies who get crap on
> NANOG all the time, why don't we save our relief for them. Tight job
> market or not, everyone has a choice of where they work. He's made a poor
> choic
On Sat, Sep 20, 2003 at 08:31:27PM -0400, Joe Provo wrote:
> > We are interested in feedback on the best way within the SMTP protocol
> > to definitively reject mail at these servers. One alternate option we
> [snip]
>
> Wrong protocol. There should be *NO* SMTP transactions for
> non-existen
On Sat, 20 Sep 2003, Eric A. Hall wrote:
> on 9/20/2003 1:01 PM Matt Larson wrote:
>
> > We are interested in feedback on the best way within the SMTP protocol
> > to definitively reject mail at these servers.
>
> You need to:
>
> 1) fatally reject mail for domains that are not delegated with
On Sun, Sep 21, 2003 at 10:08:27AM +, Stephen J. Wilcox wrote:
> What if you change the behaviour of the GTLD named daemons to return
> an NXDOMAIN response to any MX queries on non-existent domains, you
> will then take this whole debate on SMTP out of the equation ...
MTAs fall back to the
neal rauhauser wrote:
Rather than bashing someone who is doing something positive we should
see if we can paypal him $$$ for a box of tacks so he can mine the
chairs of the tack head marketing weasels who decided this would be a
good idea ...
Could we convince Washington that this is an operat
On Sun, 21 Sep 2003, Daniel Roesen wrote:
> On Sun, Sep 21, 2003 at 10:08:27AM +, Stephen J. Wilcox wrote:
> > What if you change the behaviour of the GTLD named daemons to return
> > an NXDOMAIN response to any MX queries on non-existent domains, you
> > will then take this whole debate on S
SJW> Date: Sun, 21 Sep 2003 15:17:34 + (GMT)
SJW> From: Stephen J. Wilcox
SJW> That was my understanding but on checking with Paul he said
SJW> that NXDOMAIN means don't do further checks so don't look for
SJW> A...
Return NOERROR for one type of RR, but NXDOMAIN for another? Is
that valid?!
on 9/21/2003 11:19 AM E.B. Dreger wrote:
> Return NOERROR for one type of RR, but NXDOMAIN for another? Is
> that valid?! Hit me with a clue-by-four if appropriate, but I
> thought NOERROR/NXDOMAIN was returned per-host, regardless of
> RRTYPE requested. Giving NXDOMAIN for MX yet returning N
On Sun, 21 Sep 2003, Eric A. Hall wrote:
> on 9/21/2003 11:19 AM E.B. Dreger wrote:
>
> > Return NOERROR for one type of RR, but NXDOMAIN for another? Is
> > that valid?! Hit me with a clue-by-four if appropriate, but I
> > thought NOERROR/NXDOMAIN was returned per-host, regardless of
> > RRTY
on 9/21/2003 12:00 PM Stephen J. Wilcox wrote:
>> At this point, I think we're on the verge of having multiple
>> (different) namespaces, which is extremely dangerous. At the same
>> time, the arguments against multiple roots are pretty much going out
>> the window.
>
> Not at all, the problem
On Sat, Sep 20, 2003 at 08:31:27PM -0400, Joe Provo wrote:
>
> Wrong protocol. There should be *NO* SMTP transactions for
> non-existent domains.
After being bit by this over the weekend I would have to agree, due to
a screwup at netSOL a company's domain I manage was resolving to their
sit
On Sat, 20 Sep 2003, Avleen Vig wrote:
> > > We are interested in feedback on the best way within the SMTP protocol
> > > to definitively reject mail at these servers. One alternate option we
> > [snip]
>
> The correct "solution" is to remove the wildcarding.
> Until that happens, the best thin
L PROTECTED] Behalf Of
> Matthew S. Hallacy
> Sent: Sunday, September 21, 2003 2:02 PM
> To: [EMAIL PROTECTED]
> Subject: Re: VeriSign SMTP reject server updated
>
>
>
> On Sat, Sep 20, 2003 at 08:31:27PM -0400, Joe Provo wrote:
> >
> > Wrong protocol. The
>before we deployed root-delegation-only here, i was also annoyed that my
>e-mail tool could not tell me about misspelled domain names at "send" time
>and i had to wait for the wildcard mail servers to bounce the traffic.
In other words, Verisign is actually increasing the amount of misspelled
>> Wrong protocol. There should be *NO* SMTP transactions for
>> non-existent domains.
>After being bit by this over the weekend I would have to agree, due to
>a screwup at netSOL a company's domain I manage was resolving to their
>sitefinder service, and all mail just went *poof*.
At anytim
On Mon, 22 Sep 2003 10:42:51 +0100 [EMAIL PROTECTED] wrote:
| Meanwhile, I would have diverted a copy of the mailserver
| communications at the Ethernet switch to a secret server that
| does the actual logging of addresses and messages.
|
| Son of Carnivore?
Son? or Brother?
See: http://lists.
Matt Larson wrote:
In response to this feedback, we have deployed an alternate SMTP
implementation using Postfix that should address many of the concerns
we've heard. Like snubby, this server rejects any mail sent to it (by
returning 550 in response to any number of RCPT TO commands).
Matt,
The
>At anytime, Verisign could remove your .COM domain from their DNS for
>a short period of time which would result in all of your inbound
>email going to the Verisign collector servers. If this was only done
>for a brief interval, say 10 minutes, you might never notice that it
>had happened. But
Beating up the spokestech may feel good but is pointless.
The way to solve the Verislime problem is straightforward,
but not simple.
Make it unprofitable for them.
Maybe that is by political pressure [but I doubt it -- they have
big lobbying muscle..] from the Hill.
It may be by lawsu
On Thu, 25 Sep 2003, David Lesher wrote:
> The way to solve the Verislime problem is straightforward,
> but not simple.
>
> Make it unprofitable for them.
...can't resist hitting reply. First there is little to no way to make
this unprofitable for them since they already have people paying
> Date: Thu, 25 Sep 2003 11:12:05 -0400 (EDT)
> From: Gerald <[EMAIL PROTECTED]>
[...snip...]
>
> Ugh...sucked in. Can we get back to network operation discussions. Someone
> make a Verisign gripe/commiserate list. I'll sign up.
[EMAIL PROTECTED] ...?
Regards,
Gregory Hicks
>
> G
>
> - Ho