[Mimedefang] validating 'possibly forged' helo IP's?

Damrose, Mark mdamrose at elgin.edu
Thu Jan 12 14:01:11 EST 2006


> -----Original Message-----
> From: David F. Skoll
> WBrown at e1b.org wrote:
> 
> >> 1.  There is only one ptr record per IP.
> 
> > Not true. I was testing that on my internal DNS:
> 
> Try adding 150 PTR records for a given IP address and watch 
> all hell break loose. :-)

Of course, since most implementations only use the first PTR
record for anything, and it's essentially random which one will
be returned first, it's pretty meaningless to have more than one.

Lots of places (big webhosting services, especially) do it
though.  They must never actually test anything...

> (The large reply will make the DNS server want to fall back 
> to TCP, which is blocked by a lot of firewalls whose admins 
> forget (if they ever knew) that DNS can run over TCP as well as UDP.)

Most modern DNS servers support EDNS0 - larger packet sizes over UDP.
Of course, then you run into the issue of stupid firewalls that need
to be upgraded not to assume they know what size UDP packets DNS can
use. *cough* cisco *cough*

You'll know you have a broken firewall if you upgrade to BIND 9 or
MS DNS on Server 2003 and suddenly yahoo.com stops working.
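The size problem the thread describes, worked through as an added example (not code from the thread or from MIMEDefang): a reverse zone with many PTR records produces a reply larger than the classic 512-byte UDP limit, so a server sets the TC flag and the client retries over TCP; if a firewall blocks TCP/53 the lookup fails, while an EDNS0 OPT record advertising a bigger UDP buffer lets the same reply through. Everything here is constructed: the IP, the vhost names, and a simplified model of server truncation (RFC 1035 section 4.2.1) that returns only the header and question; names are written uncompressed, so real replies would be somewhat smaller.

```python
"""Model DNS reply truncation for PTR lookups with and without EDNS0 (constructed example)."""
import struct
from typing import List, Optional, Tuple

PTR, OPT, CLASS_IN = 12, 41, 1
CLASSIC_UDP_LIMIT = 512          # RFC 1035 limit for UDP replies without EDNS0
FLAG_TC = 0x0200                 # TC bit in the header flags word


def encode_name(name: str) -> bytes:
    """Encode a dotted name in uncompressed DNS wire format."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, pos: int) -> Tuple[str, int]:
    """Decode an uncompressed name; returns (name, position after it)."""
    labels = []
    while msg[pos] != 0:
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels) + ".", pos + 1


def skip_question(msg: bytes) -> int:
    """Return the offset just past the single question section entry."""
    _, pos = decode_name(msg, 12)
    return pos + 4               # QTYPE + QCLASS


def reverse_name(ipv4: str) -> str:
    """192.0.2.10 -> 10.2.0.192.in-addr.arpa."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."


def build_query(qname: str, edns_bufsize: Optional[int] = None, txid: int = 0x1234) -> bytes:
    """PTR query; with edns_bufsize an EDNS0 OPT pseudo-RR (RFC 6891) is appended."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_bufsize else 0)
    question = encode_name(qname) + struct.pack("!HH", PTR, CLASS_IN)
    opt = b""
    if edns_bufsize:
        # OPT RR: root name, TYPE 41, CLASS carries the UDP payload size, TTL = ext-RCODE/version/flags, RDLEN 0
        opt = b"\x00" + struct.pack("!HHIH", OPT, edns_bufsize, 0, 0)
    return header + question + opt


def udp_payload_limit(query: bytes) -> int:
    """UDP size the client advertised: the OPT CLASS field if present, else 512."""
    arcount = struct.unpack("!H", query[10:12])[0]
    if arcount == 0:
        return CLASSIC_UDP_LIMIT
    pos = skip_question(query) + 1          # skip the OPT root-name byte
    rr_type, udp_size = struct.unpack("!HH", query[pos:pos + 4])
    return udp_size if rr_type == OPT else CLASSIC_UDP_LIMIT


def build_ptr_response(qname: str, ptr_names: List[str], txid: int = 0x1234) -> bytes:
    """Complete answer with one uncompressed PTR RR per name (QR, RD, RA set)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(ptr_names), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", PTR, CLASS_IN)
    answers = b""
    for target in ptr_names:
        rdata = encode_name(target)
        answers += encode_name(qname) + struct.pack("!HHIH", PTR, CLASS_IN, 3600, len(rdata)) + rdata
    return header + question + answers


def deliver_over_udp(response: bytes, limit: int) -> Tuple[bytes, bool]:
    """Server side: if the reply exceeds the limit, set TC and send only header + question."""
    if len(response) <= limit:
        return response, False
    txid, flags, qd, _, _, _ = struct.unpack("!HHHHHH", response[:12])
    header = struct.pack("!HHHHHH", txid, flags | FLAG_TC, qd, 0, 0, 0)
    return header + response[12:skip_question(response)], True


def is_truncated(msg: bytes) -> bool:
    return bool(struct.unpack("!H", msg[2:4])[0] & FLAG_TC)


def parse_ptr_answers(msg: bytes) -> List[str]:
    """Collect PTR targets from the answer section (uncompressed names only)."""
    ancount = struct.unpack("!H", msg[6:8])[0]
    pos, names = skip_question(msg), []
    for _ in range(ancount):
        _, pos = decode_name(msg, pos)
        rr_type, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rr_type == PTR:
            names.append(decode_name(msg, pos)[0])
        pos += rdlen
    return names


def lookup(qname: str, ptr_names: List[str], edns_bufsize: Optional[int] = None,
           tcp_allowed: bool = True) -> Optional[List[str]]:
    """Client side: UDP first, TCP retry on TC; None models a firewall dropping TCP/53."""
    query = build_query(qname, edns_bufsize)
    full = build_ptr_response(qname, ptr_names)
    reply, truncated = deliver_over_udp(full, udp_payload_limit(query))
    if truncated:
        if not tcp_allowed:
            return None
        reply = full                        # TCP carries the whole message
    return parse_ptr_answers(reply)


if __name__ == "__main__":
    q = reverse_name("192.0.2.10")          # constructed address, not a real host
    names = [f"vhost{i:03d}.example.net." for i in range(150)]
    print("reply bytes:", len(build_ptr_response(q, names)))
    print("plain UDP, TCP blocked:", lookup(q, names, tcp_allowed=False))
    print("10 PTRs, EDNS0 4096, TCP blocked:", len(lookup(q, names[:10], 4096, False) or []))
```

With these constructed names each PTR RR costs 57 bytes, so a plain-UDP reply is already truncated at 10 records and a 150-record reply (about 8.5 KB) exceeds even a 4096-byte EDNS0 buffer, which is the "fall back to TCP" case from the thread; the `lookup` helper returns the full list, whereas a resolver that takes only the first element shows why extra PTRs buy nothing.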
