[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sheflug] [OT] DNS for .com and .net



Hi people,

Apols for posting this, but it's worth being aware of this, espeically if 
you've mail servers to look after. Verisign (for it is them) have seen it 
fit to add a wildcard into the root DNS for .COM and .NET domains, so any 
invalid domain will now /resolve/, which means mail for invalid domains 
will head to Verisign before being bounced back with a 550 invalid domain 
message (so expect lots of double bounces in postmaster or Mailer-Daemon).

This will cause havoc with anti-spam measures people add in newsgroup 
messages (Verisign may DDOS themselves ;) ), and in the 
net.admin.net-abuse.email groups are looking at ways to block email that is 
headed to the IP 64.94.110.11, for that is the IP all invalid domains will 
now resolve to. There's also talk of this IP (or the /24 netblock) being 
border blocked at firewalls.

Needless to say, a number of admins are a tad annoyed with this :)

Thus if you have any script or config that rely on looking up domains in 
DNS and checking their validity, they will now almost certainly be broken.

More also at:
	http://www.theregister.co.uk/content/6/32852.html

Cheers,

Chris...

-- 
\ Chris Johnson           \ NP: Clannad - 15. White Fool
 \ cej [at] nightwolf.org.uk    ~-----,   
  \ http://cej.nightwolf.org.uk/  ~-----------------------------------, 
   \ Redclaw chat - http://redclaw.org.uk - telnet redclaw.org.uk 2000 \____



___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.