Posted to users@spamassassin.apache.org by Michael Scheidell <sc...@secnap.net> on 2007/04/18 16:37:52 UTC
How to workaround RFCI / DNS issue with frontbridge clients?
I like RFCI blacklists. I use RFCI, I don't want to debate it, you
don't have to use them if you don't like them. You can set all the
scores to 0 if you don't want to use it.
I have a minor (DNS?) issue that might involve every frontbridge client
in the world, and anyone using RFCI bogusmx blacklist. Or it might
affect every frontbridge client trying to get emails (if the TLD's are
messed up).
I think I might have a fix for the RFCI. If you want to know WHY, read
below.
Quick fix for SA, in local.cf:
score DNS_FROM_RFC_BOGUSMX 0
Quick fix for postfix/mta, remove the check for bogusmx in main.cf
I can't fix the GTLD's.
For background, it looks like mail.global.frontbridge.com is not listed
in G.TLD
Find a frontbridge user (someone whose MX record points to
mail.global.frontbridge.com).
If you don't want to blacklist a client or friend, you can lookup an
existing record:
http://www.rfc-ignorant.org/tools/lookup.php?domain=advisor.com
Apparently this problem has been there (on the part of frontbridge?
TLD's?) since Aug 8.
www.rfc-ignorant.org
Click on 'bogusmx'
Put that domain in the box, I think it will come up with this:
Bogusmx passed muster and has been added to database.
Click on details, and see:
Current status:
Return Code: 8
Description: g.gtld-servers.net reported that there was no A RR for
mail.global.frontbridge.com but it is not an NXDOMAIN
Trouble is, I don't know if all the TLD's are supposed to have records
for mail.global.frontbridge.com or not.
From MY view, I don't see g.gtld-servers listed:
nslookup
Default Server: secnap2.secnap.com
Address: 10.70.1.2
> root
Default Server: f.root-servers.net
Address: 192.5.5.241
> mail.global.frontbridge.com.
Server: f.root-servers.net
Address: 192.5.5.241
Name: mail.global.frontbridge.com
Served by:
- H.GTLD-SERVERS.NET
192.54.112.30
com
- I.GTLD-SERVERS.NET
192.43.172.30
com
- J.GTLD-SERVERS.NET
192.48.79.30
com
- K.GTLD-SERVERS.NET
192.52.178.30
com
- L.GTLD-SERVERS.NET
com
- M.GTLD-SERVERS.NET
com
- A.GTLD-SERVERS.NET
192.5.6.30, 2001:503:a83e::2:30
com
- B.GTLD-SERVERS.NET
192.33.14.30, 2001:503:231d::2:30
com
- C.GTLD-SERVERS.NET
192.26.92.30
com
- D.GTLD-SERVERS.NET
192.31.80.30
com
Now, funny thing, lookup for 'frontbridge.com' shows all TLD's, including
G. But lookup for subdomains doesn't.
Any dns experts know why?
--
Michael Scheidell, CTO
SECNAP Network Security
561-999-5000 x 1131
www.secnap.com
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(tm).
For Information please see http://www.spammertrap.com
_________________________________________________________________________
Re: How to workaround RFCI / DNS issue with frontbridge clients?
Posted by SM <sm...@resistor.net>.
At 07:37 18-04-2007, Michael Scheidell wrote:
>Trouble is, I don't know if all the TLD's are supposed to have records
>for mail.global.frontbridge.com or not.
Ask the nameservers which are authoritative for mail.global.frontbridge.com:
frontbridge.com. 172800 IN NS ns10-f.bigfish.com.
frontbridge.com. 172800 IN NS ns15-f.bigfish.com.
frontbridge.com. 172800 IN NS ns16-f.bigfish.com.
frontbridge.com. 172800 IN NS ns17-f.bigfish.com.
frontbridge.com. 172800 IN NS ns8-f.bigfish.com.
frontbridge.com. 172800 IN NS ns9-f.bigfish.com.
The "TLDs" tell you which nameserver(s) to query.
Regards,
-sm
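The point made in the reply above, that a gTLD server answers a query for mail.global.frontbridge.com with a referral rather than an A record, as an added example that is not part of the original thread: it classifies each hop of a dig +trace transcript and treats only the final authoritative hop as evidence about the A record. The transcript is constructed by abbreviating the dig output quoted in this thread, and the function names are hypothetical.

```python
import re
# Constructed sample: abbreviated from the dig +trace output quoted in this thread.
TRACE = """\
. 85975 IN NS c.root-servers.net.
;; Received 449 bytes from 172.30.0.3#53(172.30.0.3) in 1 ms
com. 172800 IN NS A.GTLD-SERVERS.NET.
com. 172800 IN NS G.GTLD-SERVERS.NET.
;; Received 505 bytes from 192.33.4.12#53(c.root-servers.net) in 32 ms
frontbridge.com. 172800 IN NS ns10-f.bigfish.com.
;; Received 273 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 30 ms
mail.global.frontbridge.com. 10 IN A 213.199.154.22
;; Received 61 bytes from 206.16.192.228#53(ns10-f.bigfish.com) in 24 ms
"""

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(\S+)$")       # owner, type, rdata
FROM = re.compile(r"^;; Received \d+ bytes from \S+\((\S+)\)")  # responding server

def norm(name):
    return name.lower().rstrip(".")

def in_zone(qname, zone):
    """True if qname equals zone or is a subdomain of it ('.' is the root)."""
    q, z = norm(qname), norm(zone)
    return z == "" or q == z or q.endswith("." + z)

def classify(records, qname, qtype):
    """'answer' if the hop returned qname's own RRset, 'referral' if only NS for a parent zone."""
    answers = [d for o, t, d in records if t == qtype and norm(o) == norm(qname)]
    if answers:
        return ("answer", answers)
    zones = sorted({o.lower() for o, t, _ in records if t == "NS" and in_zone(qname, o)})
    return ("referral", zones) if zones else ("nodata", [])

def classify_hops(trace, qname, qtype="A"):
    """Return [(server, kind, detail)], one tuple per hop of a dig +trace transcript."""
    hops, records = [], []
    for line in trace.splitlines():
        m = FROM.match(line)
        if m:  # a ';; Received' line closes the current hop
            hops.append((m.group(1).lower(),) + classify(records, qname, qtype))
            records = []
        elif (r := RR.match(line.strip())):
            records.append(r.groups())
    return hops

def authoritative_a(trace, qname):
    """A records from the final hop only; a referral on the way is not 'no A record'."""
    hops = classify_hops(trace, qname)
    return hops[-1][2] if hops and hops[-1][1] == "answer" else []
```

A check that stops at the gTLD hop sees no A record and no NXDOMAIN, which matches the bogusmx "Return Code: 8" description quoted in the first message; following the referral to ns10-f.bigfish.com yields the A record.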
RE: How to workaround RFCI / DNS issue with frontbridge clients?
Posted by Michael Scheidell <sc...@secnap.net>.
> -----Original Message-----
> From: Dan Barker [mailto:dbarker@visioncomm.net]
> Sent: Wednesday, April 18, 2007 11:02 AM
> To: users@spamassassin.apache.org
> Subject: RE: How to workaround RFCI / DNS issue with
> frontbridge clients?
>
> I don't know what's wrong with your nslookup, but dig is
> fine. Both return the same up to the final results.
>
Not just mine, but the one run by rfc-ignorant.org.
Same results.
Why not try 'nslookup' just like I did and not 'dig'?
RE: How to workaround RFCI / DNS issue with frontbridge clients?
Posted by Dan Barker <db...@visioncomm.net>.
I don't know what's wrong with your nslookup, but dig is fine. Both return
the same up to the final results.
dbarker@linux04:~$ dig +trace mail.global.frontbridge.com
; <<>> DiG 9.2.2-P3 <<>> +trace mail.global.frontbridge.com
;; global options: printcmd
. 85975 IN NS c.root-servers.net.
. 85975 IN NS d.root-servers.net.
. 85975 IN NS e.root-servers.net.
. 85975 IN NS f.root-servers.net.
. 85975 IN NS g.root-servers.net.
. 85975 IN NS h.root-servers.net.
. 85975 IN NS i.root-servers.net.
. 85975 IN NS j.root-servers.net.
. 85975 IN NS k.root-servers.net.
. 85975 IN NS l.root-servers.net.
. 85975 IN NS m.root-servers.net.
. 85975 IN NS a.root-servers.net.
. 85975 IN NS b.root-servers.net.
;; Received 449 bytes from 172.30.0.3#53(172.30.0.3) in 1 ms
com. 172800 IN NS A.GTLD-SERVERS.NET.
com. 172800 IN NS B.GTLD-SERVERS.NET.
com. 172800 IN NS C.GTLD-SERVERS.NET.
com. 172800 IN NS D.GTLD-SERVERS.NET.
com. 172800 IN NS E.GTLD-SERVERS.NET.
com. 172800 IN NS F.GTLD-SERVERS.NET.
com. 172800 IN NS G.GTLD-SERVERS.NET.
com. 172800 IN NS H.GTLD-SERVERS.NET.
com. 172800 IN NS I.GTLD-SERVERS.NET.
com. 172800 IN NS J.GTLD-SERVERS.NET.
com. 172800 IN NS K.GTLD-SERVERS.NET.
com. 172800 IN NS L.GTLD-SERVERS.NET.
com. 172800 IN NS M.GTLD-SERVERS.NET.
;; Received 505 bytes from 192.33.4.12#53(c.root-servers.net) in 32 ms
frontbridge.com. 172800 IN NS ns10-f.bigfish.com.
frontbridge.com. 172800 IN NS ns15-f.bigfish.com.
frontbridge.com. 172800 IN NS ns16-f.bigfish.com.
frontbridge.com. 172800 IN NS ns17-f.bigfish.com.
frontbridge.com. 172800 IN NS ns8-f.bigfish.com.
frontbridge.com. 172800 IN NS ns9-f.bigfish.com.
;; Received 273 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 30 ms
mail.global.frontbridge.com. 10 IN A 213.199.154.22
;; Received 61 bytes from 206.16.192.228#53(ns10-f.bigfish.com) in 24 ms
dbarker@linux04:~$ dig +trace frontbridge.com
; <<>> DiG 9.2.2-P3 <<>> +trace frontbridge.com
;; global options: printcmd
. 85917 IN NS c.root-servers.net.
. 85917 IN NS d.root-servers.net.
. 85917 IN NS e.root-servers.net.
. 85917 IN NS f.root-servers.net.
. 85917 IN NS g.root-servers.net.
. 85917 IN NS h.root-servers.net.
. 85917 IN NS i.root-servers.net.
. 85917 IN NS j.root-servers.net.
. 85917 IN NS k.root-servers.net.
. 85917 IN NS l.root-servers.net.
. 85917 IN NS m.root-servers.net.
. 85917 IN NS a.root-servers.net.
. 85917 IN NS b.root-servers.net.
;; Received 449 bytes from 172.30.0.3#53(172.30.0.3) in 1 ms
com. 172800 IN NS A.GTLD-SERVERS.NET.
com. 172800 IN NS B.GTLD-SERVERS.NET.
com. 172800 IN NS C.GTLD-SERVERS.NET.
com. 172800 IN NS D.GTLD-SERVERS.NET.
com. 172800 IN NS E.GTLD-SERVERS.NET.
com. 172800 IN NS F.GTLD-SERVERS.NET.
com. 172800 IN NS G.GTLD-SERVERS.NET.
com. 172800 IN NS H.GTLD-SERVERS.NET.
com. 172800 IN NS I.GTLD-SERVERS.NET.
com. 172800 IN NS J.GTLD-SERVERS.NET.
com. 172800 IN NS K.GTLD-SERVERS.NET.
com. 172800 IN NS L.GTLD-SERVERS.NET.
com. 172800 IN NS M.GTLD-SERVERS.NET.
;; Received 493 bytes from 192.33.4.12#53(c.root-servers.net) in 32 ms
frontbridge.com. 172800 IN NS ns10-f.bigfish.com.
frontbridge.com. 172800 IN NS ns15-f.bigfish.com.
frontbridge.com. 172800 IN NS ns16-f.bigfish.com.
frontbridge.com. 172800 IN NS ns17-f.bigfish.com.
frontbridge.com. 172800 IN NS ns8-f.bigfish.com.
frontbridge.com. 172800 IN NS ns9-f.bigfish.com.
;; Received 261 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 29 ms
frontbridge.com. 3600 IN A 12.129.199.41
frontbridge.com. 3600 IN NS ns8-f.bigfish.com.
frontbridge.com. 3600 IN NS ns9-f.bigfish.com.
frontbridge.com. 3600 IN NS ns10-f.bigfish.com.
frontbridge.com. 3600 IN NS ns15-f.bigfish.com.
frontbridge.com. 3600 IN NS ns16-f.bigfish.com.
frontbridge.com. 3600 IN NS ns17-f.bigfish.com.
;; Received 277 bytes from 206.16.192.228#53(ns10-f.bigfish.com) in 27 ms
Just for jollies, I tried nslookup.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS>nslookup
Default Server: server.visioncomm.net
Address: 172.30.0.2
> root
Default Server: A.ROOT-SERVERS.NET
Address: 198.41.0.4
> frontbridge.com
Server: A.ROOT-SERVERS.NET
Address: 198.41.0.4
Name: frontbridge.com
Served by:
- L.GTLD-SERVERS.NET
192.41.162.30
com
- M.GTLD-SERVERS.NET
com
- A.GTLD-SERVERS.NET
192.5.6.30
com
- B.GTLD-SERVERS.NET
192.33.14.30
com
- C.GTLD-SERVERS.NET
192.26.92.30
com
- D.GTLD-SERVERS.NET
192.31.80.30
com
- E.GTLD-SERVERS.NET
192.12.94.30
com
- F.GTLD-SERVERS.NET
192.35.51.30
com
- G.GTLD-SERVERS.NET
192.42.93.30
com
- H.GTLD-SERVERS.NET
192.54.112.30
com
> mail.global.frontbridge.com
Server: A.ROOT-SERVERS.NET
Address: 198.41.0.4
Name: mail.global.frontbridge.com
Served by:
- L.GTLD-SERVERS.NET
com
- M.GTLD-SERVERS.NET
com
- A.GTLD-SERVERS.NET
192.5.6.30
com
- B.GTLD-SERVERS.NET
192.33.14.30
com
- C.GTLD-SERVERS.NET
192.26.92.30
com
- D.GTLD-SERVERS.NET
192.31.80.30
com
- E.GTLD-SERVERS.NET
192.12.94.30
com
- F.GTLD-SERVERS.NET
192.35.51.30
com
- G.GTLD-SERVERS.NET
192.42.93.30
com
- H.GTLD-SERVERS.NET
192.54.112.30
com
"G" is in both. I wonder where nslookup gets its values for "root"? I know
where DNS Server does. Let me snoop.
...
regedit
...
Nope, not in there. I have no idea. To answer your question about your
results being different, the root servers do not contain any information
about subdomains. They simply reflect the DNS servers that DO handle the
various second-level domains. Your tertiary and quaternary requests are
simply being truncated to frontbridge.com by the root servers.
Interesting issue you report, but not repeatable here (Southeast US).
Dan