- NZNOG - lists.nznog.org

RE: [nznog] Email for domains hosted by 2day.com
by Stephen Andrew 16 Sep '03

16 Sep '03

Keith Davidson wrote: > Juha wrote: >> 2-daaayyoh, 2-day-ay-ay-oh. Internet sucks and me wanna go home. >> >> Anyway, things seem to be working again. >> >> So who's going to roast point the Giant Flamethrower at Marina Del >> Rey? Perhaps this is a job for Captain InternetNZ? > > I guess it could be a job for InternetNZ. But it occurs to me that > Veri$ign are doing nothing "wrong", it's just not within the spirit > of Internet practices? [snip] Maybe not "wrong" exactly but... RFC 1912 (Informational) Wildcard As and CNAMEs are possible too, and are really confusing to users, and a potential nightmare if used without thinking first. It could result (due again to domain searching) in any telnet/ftp attempts from within the domain to unknown hosts to be directed to one address. One such wildcard CNAME (in *.edu.com) caused Internet-wide loss of services and potential security nightmares due to unexpected interactions with domain searching. It resulted in swift fixes, and even an RFC ([RFC 1535]) documenting the problem. RFC 1535 makes interesting reading. -- Andrew Stephen DDI: +64 4 460 6849 IT Security Architect Mobile: +64 25 582 304 New Zealand Post Fax: +64 4 494 4299 "...shouldn't a DMZ actually be called a Free Fire Zone?" -- Chris Mahn, Three Tiered DMZ's, May 2001 This email with any attachments is confidential and may be subject to legal privilege. If it is not intended for you please reply immediately, destroy it and do not copy, disclose or use it in any way.

1 0

Re: [nznog] Email for domains hosted by 2day.com
by Ewen McNeill 16 Sep '03

16 Sep '03

In message <20030917002145.71549.qmail(a)web13607.mail.yahoo.com>, Stephen Sheehan writes: >Does anybody have a workaround. for .nz MX records ewen(a)basilica:~ $ host -t MX eaudio.co.nz eaudio.co.nz mail is handled by 10 mail.2day.com. ewen(a)basilica:~ $ host mail.2day.com mail.2day.com has address 64.94.110.11 The message you're seeing from 64.94.110.11 -- Verisign's wonderful "all domains are ours" IP address -- is that it won't accept mail for the domain eaudio.co.nz. No great surprise. It won't accept mail for anything else either. In fact, it's got a very fixed pattern of responses to absolutely anything at all you send it. I suspect the MX record is cached, and the A record for mail.2day.com isn't cached/available any longer. If it weren't for Verisign adding their brokenness to the .com/.net DNS yesterday, then you'd at least get a NXDOMAIN error on mail.2day.com and it'd be more obvious what was wrong. If you want a work around I suggest something like the bind forward entry that has already been posted on nznog, at some point where it's visible to your mail server. 2day.com might be able to achieve some improvements by changing all the MX records on the domains for which they handle DNS and Mail to something not under 2day.com and/or by doing a bulk update on the NZ Register for the names that they host the DNS to nameservers not under 2day.com (but that'd need to be done carefully, and would have to wait for zone push/cache expiry anyway). Ewen

1 0

Verisign grabs *.net and *.com
by Simon Lyall 16 Sep '03

16 Sep '03

FYI verisign have just adjusted the gTLD name servers to return point to their one IP for any .net (and soon .com) domain that doesn't exist. eg: $ host kjjhgkjhskhg.net kjjhgkjhskhg.net has address 64.94.110.11 $ host uyowiriu777777.net uyowiriu777777.net has address 64.94.110.11 This may break stuff (ie if you refuse email from bogus domains). See: http://www.verisign.com/resources/gd/sitefinder/implementation.pdf http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf http://www.cbronline.com/latestnews/d04afc52ae9da2ee80256d9c0018be8b -- Simon J. Lyall. | Very Busy | Mail: simon(a)darkmere.gen.nz "To stay awake all night adds a day to your life" - Stilgar | eMT.

7 8

2day.com assistance required
by Joe Abley 16 Sep '03

16 Sep '03

Forwarded for Rob, since he's subscribed to nznog using his 2day.com address (see below). Mail to 2day.com addresses is currently being bounced by the host listed in the wildcard A record in the COM zone, so if your customers call and complain that they can't send mail to foo(a)2day.com, this is probably why. Begin forwarded message: > From: Rob Isaac <rob(a)automagic.org> > Date: Tue Sep 16, 2003 17:10:32 Canada/Eastern > To: jabley(a)automagic.org > Subject: 2day.com assistance required > > > A registrar inadvertently put the 2day.com zone on REGISTRAR HOLD, with > the unpleasant result of removing it from the root zone. > > This makes hosts in the zone 2day.com unresolvable. The registrar in > question has been appropriately disciplined, but it will be some time > until the root zone is updated. > > In the meantime, it would be helpful if you could add a stub to your > name servers, so that requests for things in the 2day.com zone are > still > resolved appropriately until the root servers catch up. This should > reduce your customer support load relating to services hosted by > 2day.com. > > Sample stub for BIND8, mangle as appropriate. > > --- snip --- > zone "2day.com" { > type stub; > file "2day.com"; > masters { 202.37.240.3; 198.32.66.4; 203.118.144.212; } > }; > --- snip --- > > > <R>< > >

4 5

[Fwd: Re: [spamtools] Verisign hijack *.net]
by Juha Saarinen 15 Sep '03

15 Sep '03

I didn't even know there was a .museum... -------- Original Message -------- Subject: Re: [spamtools] Verisign hijack *.net Date: Tue, 16 Sep 2003 03:31:30 -0600 (MDT) From: Bruce Gingery <antispam(a)gtcs.com> Reply-To: spamtools(a)lists.abuse.net To: SpamTools <spamtools(a)lists.abuse.net> This is a widespread problem. Vix has been doing this, mostly unnoticed, with dot-museum for months (perhaps since .museum startup). Checking, a few minutes ago... *.ac A 194.205.62.122 *.cc A 206.253.214.102 *.com A 64.94.110.11 *.cx A 219.88.106.80 *.museum A 195.7.77.20 *.net A 64.94.110.11 *.nu A 64.55.105.9 and A 212.181.91.6 *.sh A 194.205.62.62 *.tm A 194.205.62.62 *.ws A 216.35.187.246 Other domains checked (I don't THINK I missed any active ones, but could have missed a recently-activated ccTLD) do NOT have this bogus behaviour. RCFDNS + FCRDNS is now a NECESSITY - for client of an smtp connection for HELO/EHLO parameter for domain of sender hacks and patches welcome. Remember, sendmail 8.11.x does NOT have the "dns" map, and 8.12.x recently had bad code in that same map. There is only so much you can do with: $[ $] K<name> host K<name> bestmx etc. For those stuck with 8.11 or below binaries, and no ready- to-use MILTER on their OS, this may require a regexp to sanitize, followed by an external program map. Meanwhile, any FCRDNS, and RCFDNS provisions are helpful, especially if you bogus the PNAP nameservers doing VeriSign's rdns for 64.94.110.11 and comparable DNS servers for other bogus domain resolutions.

2 2

Verisign "cure" from comp.sendmail
by Juha Saarinen 15 Sep '03

15 Sep '03

LOCAL_CONFIG Kverisign dns -R A -a. -T<TMP> -r 5 SLocal_check_mail R$* $: $>canonify $1 R$*<@$*.> $: $1<@$2> Strip the trailing . if present R$*<@$+> $: $(verisign $2 $) R$+<TMP> $#error $@ 4.7.1 $: "451 Temporary lookup failure: try again later" R64.94.110.$* $#error $: "550 Real domain name required for sender address"

1 0

RE: [nznog] Verisign grabs *.net and *.com
by Paul Adshead 15 Sep '03

15 Sep '03

> > Just to get click-through money! > > On the other hand, ISPs can now add their own redirect rule for > 64.94.110.11 to point to *their own* advertising page (or "VeriSign > Suck" page). I hope some do, if only to piss VeriSign off. Indeed, how many Corporate firewalls _already_ redirect: "ads.<domain name>.co.nz"; "ads.<domain name>.com" etc, etc to an internal webserver (- with error 404 set to give a blank page), in order to cutdown on all of the adverts appearing on the corporate LAN??? Paul Adshead.

1 0

Linux Router
by Tikiri Wicks 15 Sep '03

15 Sep '03

Does anyone know anything about this product http://www.imagestream.com/Enterprise.html Cheers Tikiri

2 1

Reminder - "Handle the Jandal" webcast tonight
by Richard Naylor 15 Sep '03

15 Sep '03

Doubt if it will break anything, but just a reminder that the "Handle the Jandal" webcast is tonight. Might get a few viewers. Starts at 7:00pm - Online voting will take place as well. Webcast details at http://www.r2.co.nz/20030916/ and http://www.radioactive.co.nz rich

1 0

RE: [nznog] Big Geek Programme '04
by Donald Neal 11 Sep '03

11 Sep '03

> From: Lin Nah [mailto:lin(a)darkmere.gen.nz] > Sent: Thursday, 11 September 2003 17:17 > To: Tony McGregor > Cc: Donald Neal; Simon Lyall; nznog(a)list.waikato.ac.nz > Subject: RE: [nznog] Big Geek Programme '04 [...] > Actually I came across the concept of "Open Space" when reading a > blog entry by Bruce Eckel. http://mindview.net/WebLog/log-0004 says > "One of the new features here at the conference is "Open > Space" which I > was initially skeptical about but which seems to be working > astoundingly > well. The room where the keynote talks are being held has boards where > you can post a topic for a time slot. The original idea was a talk at > the front of the room and one at the back, but it seems that > tables have > been taken over for individual discussions and as a result there are > already more discussions than two at any one time. There needs to be a formal programme for a number of reasons. One is that we do hope to cover some topics in the sort of detail which isn't compatible with short presentations. Another is so that attendees have something to show their managers. :{)* Other things can certainly be done as well. There used to be these things called BOF's ... Donald Neal | "And if you think virus Technical Specialist | writers are scary, you Operations Engineering | have clearly never met a Integration & Services Divn. | tort lawyer." Alcatel NZ Ltd | - The Economist 28/8/03 All opinions mine only. | ------------------------------------------------------------------------------ "This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you." ------------------------------------------------------------------------------

1 0