what happens when you put a typo in a DNSBL server?
Wes Hardaker
wjhns61 at hardakers.net
Tue Jan 16 21:19:40 UTC 2007
>>>>> "JL" == John Levine <johnl at iecc.com> writes:
>> Previous to this date a misconfigured ISP was just not being
>> protected by the BL. Now, it's potentially dropping all mail from
>> anyone because of the typo.
JL> If only. I am constantly amazed at the bozos who misconfigure their
JL> DNSBL lookups and don't notice.

Part of the problem is that the protocol is designed to overlay an
existing protocol without providing a valid positive response. In
this case, lame ISP configures a typo and goes for ages without
noticing that it didn't help them at all because every query was
getting an NXDOMAIN back and they didn't check the traffic. Had this
been a real protocol you would have gotten back a 404-like message
instead! Shoe-horning DNS (or any protocol) into a solution works
well only if you don't make mistakes. And we know that never happens.

In the end, you don't get error messages when you misconfigure a
DNSBL. That's an architectural issue with how DNSBLs work in the
first place.

--
"In the bathtub of history the truth is harder to hold than the soap,
and much more difficult to find." -- Terry Pratchett
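
A health check that surfaces both failure modes discussed in this message, as an added example that is not part of the original post: RFC 5782 requires an IPv4 DNSBL to list the test entry 127.0.0.2 and never list 127.0.0.1, so a zone that misses the first is silently doing nothing and a zone that answers for the second would match all mail. The function names, result labels and the zone names `dnsbl.example` / `dnsbl.exmaple` are constructed for illustration.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def reversed_query(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".")

def system_lookup(name):
    """A records for name via the system resolver; [] when nothing comes back."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def check_zone(zone, lookup=system_lookup):
    """Classify a configured DNSBL zone using the RFC 5782 test entries."""
    test = lookup(reversed_query("127.0.0.2", zone))   # must be listed
    never = lookup(reversed_query("127.0.0.1", zone))  # must not be listed
    if never:
        return "lists-everything"   # any answer here means all mail would match
    if not test:
        return "silent"             # no answer even for the test entry: typo or dead zone
    if not all(ipaddress.ip_address(a) in LOOPBACK for a in test):
        return "bad-answer"         # something answers, but not like a DNSBL
    return "ok"

if __name__ == "__main__":
    # Constructed resolver data: one working zone; the names are made up.
    fake = {"2.0.0.127.dnsbl.example": ["127.0.0.2"]}
    lookup = lambda name: fake.get(name, [])
    for zone in ("dnsbl.example", "dnsbl.exmaple"):  # second is the typo
        print(zone, check_zone(zone, lookup))
```

Run at MTA start-up or from monitoring with the default `system_lookup`, any result other than `ok` is the error message the DNS lookup itself never gives.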
More information about the NANOG
mailing list