
Re: People forging their From: addresses


On Fri, Oct 02, 1998 at 04:38:08PM +0200, Xander Jansen wrote:
> + >    1)	If DNS really returns "NonExistant Domain"
> + >	you MAY return 5xx.
> +   In the (not so rare) cases where *all* NS servers for a certain domain
> +   are lost for a while (e.g. due to connectivity problems), you would then
> +   bounce perfectly valid mail.
> 
> But wouldn't that be SERVFAIL instead of NXDOMAIN ? If all authoritative
> nameservers for a particular domain are unreachable the domain still
> exists (since it is delegated from the nameservers one step higher in the
> tree). It is impossible however to get authoritative answers about the
> domain but that's different from the authoritative answer that the domain
> (or host) is non-existent.
> 
> It shouldn't be too hard to have an MTA distinguish between a DNS server
> failure (SERVFAIL) or an authoritative NXDOMAIN answer. SERVFAIL resulting
> in a 4xx error, NXDOMAIN in a 5xx.

That's exactly what I did, but I still ended up bouncing perfectly valid
mail. Dunno why... beats me. Might be mangling of UDP packets on hosts
that don't verify/send UDP checksums (like standard SunOS 4.x machines).

--
#! ##### Jan-Pieter Cornet ##### johnpc@localhost ##### perl
++$_;$!=$_+++$_;($:,$,,$/,$*)=$!=~/.(.)...(.)(.).(.)/;$!=$_+$_;
($@,$\,$~)=$!=~/(.)(.).(.)/; $_="$,$/$:"; $@localhost $~="$~$_";($_)=
\$$=~/\((.)/;$|=++$_;$_++;$|++;$~="$~ $@localhost:";`$~$/$\$*$, $|>&$_`
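
The SERVFAIL-versus-NXDOMAIN mapping discussed in this thread, as an added example that is not part of the original messages or any MTA's code: it reads the header of a raw DNS reply and allows a 5xx only for a well-formed NXDOMAIN that matches the query, so timeouts, SERVFAIL and damaged packets all become 4xx. The function names, the specific codes 250/451/550 and the sample packets are assumptions constructed for illustration.

```python
import struct

# DNS RCODE values from RFC 1035 (NXDOMAIN is called "Name Error" there).
NOERROR, SERVFAIL, NXDOMAIN = 0, 2, 3

def build_header(txid, rcode, qr=1, tc=0, qdcount=1):
    """Construct a 12-byte DNS header (sample data for this example)."""
    flags = (qr << 15) | (tc << 9) | (1 << 8) | (1 << 7) | rcode  # RD, RA set
    return struct.pack("!HHHHHH", txid, flags, qdcount, 0, 0, 0)

def smtp_reply_for_sender_domain(query_id, response):
    """Map a raw DNS response for the MAIL FROM domain to an SMTP reply code.

    Returns 250 (name exists), 451 (temporary, sender retries) or
    550 (permanent). Only a well-formed reply that matches our query and
    carries RCODE NXDOMAIN is allowed to produce a permanent rejection.
    """
    if response is None or len(response) < 12:
        return 451                      # timeout or short/damaged packet
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", response[:12])
    if txid != query_id or not (flags >> 15) & 1:
        return 451                      # not a reply to our query
    if (flags >> 9) & 1 or qdcount != 1:
        return 451                      # truncated or unexpected shape
    rcode = flags & 0x000F
    if rcode == NOERROR:
        return 250
    if rcode == NXDOMAIN:
        return 550
    return 451                          # SERVFAIL, REFUSED, anything else

if __name__ == "__main__":
    qid = 0x1234                        # constructed transaction ID
    for label, pkt in [("NXDOMAIN", build_header(qid, NXDOMAIN)),
                       ("SERVFAIL", build_header(qid, SERVFAIL)),
                       ("timeout", None),
                       ("wrong ID", build_header(0x4321, NXDOMAIN))]:
        print(label, smtp_reply_for_sender_domain(qid, pkt))
```
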



