On Sunday, 30.07.2006, 09:45 +0200, Vincenzo Gianferrari Pini wrote:
> Noel J. Bergman wrote:
>
> >Brian Wellington wrote:
> >
> >>Noel J. Bergman wrote:
> >>
> >>>adding "domain devtech.com" (see `man resolv.conf`)
> >>>to /etc/resolv.conf changed the behavior so that it works:
> >>>
> >>>  domain Local domain name.
> >>>         Most queries for names within this domain can use short
> >>>         names relative to the local domain. If no domain entry
> >>>         is present, the domain is determined from the local host
> >>>         name returned by gethostname(); the domain part is taken
> >>>         to be everything after the first `.'. Finally, if the
> >>>         host name does not contain a domain part, the root domain
> >>>         is assumed.
> >>>and picking up the ".com" from my hostname.
> >>>
> >>The code in dnsjava's ResolverConfig class should be looking at any
> >>"search" or "domain" entries in /etc/resolv.conf, and using them as
> >>DNS searchlist entries; that is, suffixes to append to potentially
> >>non-absolute domain names. I'm not sure why .com would be appended to a
> >>domain name unless there was either a "domain com" or "search com" entry.
> >
> >That is the question, Brian. There were neither domain nor search entries
> >in my resolv.conf, only nameserver entries; which is why I quoted the
> >section from the man page, above. My hostname is devtech.com, which does
> >have "com" after the first '.' in the hostname. *Now* I have "domain
> >devtech.com", as the fix, and the spurious ".com" suffix is no longer being
> >added.
>
> So, if I understood well, the behaviour *before* you add the "domain"
> entry in resolv.conf was coherent with what is prescribed in "man
> resolv.conf", as your host name is devtech.com (not xxx.devtech.com),
> so dnsjava's ResolverConfig looked for the hostname using gethostname(),
> got devtech.com, and as "the domain part is taken to be everything after
> the first `.'", got ".com" and built the string
> "query.bondedsender.org.com". It seems to be the expected behaviour in
> dnsjava, isn't it?
>
> And some tricky spammer, knowing this possibly misleading behaviour, has
> spoofed "query.bondedsender.org" using a new whitelist
> "query.bondedsender.org.com" that lists the IPs he uses to send spam!
>
> >>You've figured out the problem, and there's nothing wrong in dnsjava
> >>here, right?
> >
> >I'll agree that I should've had a domain entry to counter-balance the
> >hostname, as described above. But it sounds from your description as if you
> >want to at least check dnsjava to see how the .com was getting added, since
> >there seems to be some question as to what did it.
>
> But it seems that dnsjava is behaving ok, or not? In the positive case
> it should be a James concern to avoid falling in this trick, adding a
> '.' at the end of the whitelist (and blacklist) domain name strings
> before calling lookup, or even better putting a '.' at the end of the
> names available in the stock configuration files, with a warning
> explaining it.
>
> Vincenzo

So I understand right that you want to append a "." on the end of any
"entry" you want to look up? So if we build the address to look up, this
will happen:

1.0.0.127.bl.spamcop.net -> 1.0.0.127.bl.spamcop.net.

This sounds a good fix to me. Anyone see drawbacks?

bye
Norman
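
The trailing-dot fix discussed in this thread, as an added example that is not part of the original messages and is not James or dnsjava code. It is a simplified Python model of search-list expansion; the function names and the order of candidates are assumptions of the example.

```python
import ipaddress


def implied_search_list(hostname):
    """Search list implied when resolv.conf has no domain/search entry:
    everything after the first '.' of the host name (per the quoted man page)."""
    _, dot, domain = hostname.partition(".")
    return [domain] if dot and domain else []


def candidate_names(name, search_list):
    """Simplified model of search-list expansion (constructed for this example).

    An absolute name (trailing '.') is queried only as written. A relative
    name may also be tried with every search-list suffix appended.
    """
    if name.endswith("."):
        return [name]
    expanded = [f"{name}.{suffix.rstrip('.')}." for suffix in search_list]
    return [name + "."] + expanded


def dnsbl_query_name(ipv4, zone):
    """Build an absolute DNSBL/whitelist query name: reversed octets + zone + '.'."""
    octets = str(ipaddress.IPv4Address(ipv4)).split(".")  # raises ValueError on bad input
    zone = zone.strip().rstrip(".")
    if not zone:
        raise ValueError("empty zone")
    return ".".join(reversed(octets)) + "." + zone + "."


if __name__ == "__main__":
    search = implied_search_list("devtech.com")  # host name from the thread
    relative = "1.0.0.127.query.bondedsender.org"  # relative: no trailing dot
    absolute = dnsbl_query_name("127.0.0.1", "query.bondedsender.org")
    print("relative:", candidate_names(relative, search))
    print("absolute:", candidate_names(absolute, search))
```

With the host name devtech.com and no domain or search entry, the relative name gains a second candidate under ".com", while the name built with the trailing dot has exactly one.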