[94287] in North American Network Operators' Group
Re: what happens when you put a typo in a DNSBL server?
daemon@ATHENA.MIT.EDU (Wes Hardaker)
Tue Jan 16 16:22:19 2007
From: Wes Hardaker <wjhns61@hardakers.net>
To: John Levine <johnl@iecc.com>
Cc: nanog@nanog.org, wjhns61@hardakers.net
Date: Tue, 16 Jan 2007 13:19:40 -0800
In-Reply-To: <20070116180852.91506.qmail@simone.iecc.com> (John Levine's
message of "16 Jan 2007 18\:08\:52 -0000")
Errors-To: owner-nanog@merit.edu

>>>>> "JL" == John Levine <johnl@iecc.com> writes:

>> Previous to this date a misconfigured ISP was just not being
>> protected by the BL. Now, it's potentially dropping all mail from
>> anyone because of the typo.

JL> If only. I am constantly amazed at the bozos who misconfigure their
JL> DNSBL lookups and don't notice.

Part of the problem is that the protocol is designed to overlay an
existing protocol without providing a valid positive response. In
this case, lame ISP configures a typo and goes for ages without
noticing that it didn't help them at all because every query was
getting an NXDOMAIN back and they didn't check the traffic. Had this
been a real protocol you would have gotten back a 404-like message
instead! Shoe-horning DNS (or any protocol) into a solution works
well only if you don't make mistakes. And we know that never happens.

In the end, you don't get error messages when you misconfigure a
DNSBL. That's an architectural issue with how DNSBLs work in the
first place.

--
"In the bathtub of history the truth is harder to hold than the soap,
and much more difficult to find." -- Terry Pratchett
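
An added example, not part of the original message: since a DNSBL lookup gives no error for a mistyped zone, a mail operator can probe the configured zone with the two conventional test points (127.0.0.2 must be listed, 127.0.0.1 must not be, as later written down in RFC 5782). The zone names and the three stand-in resolvers below are constructed for illustration.

```python
import socket

def dnsbl_name(ip, zone):
    """Query name for an IPv4 address: reversed octets prepended to the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone.strip(".")

def system_lookup(name):
    """True if the name resolves to an A record. A timeout also returns False,
    which is the same ambiguity the message describes for NXDOMAIN."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def check_zone(zone, lookup=system_lookup):
    """Classify a configured DNSBL zone using the two test points."""
    must_be_listed = lookup(dnsbl_name("127.0.0.2", zone))
    must_not_be_listed = lookup(dnsbl_name("127.0.0.1", zone))
    if must_not_be_listed:
        # A zone that answers for 127.0.0.1 cannot be trusted for any sender.
        return "lists-everything" if must_be_listed else "inconsistent"
    # No answer for 127.0.0.2 means every sender will look clean.
    return "ok" if must_be_listed else "silent"

# Constructed resolvers standing in for three zones (hypothetical names).
def good_zone(name):
    """A working list: only the test entry exists."""
    return name == "2.0.0.127.dnsbl.example.net"

def typo_zone(name):
    """Mistyped zone where nothing exists: every query is NXDOMAIN."""
    return False

def wildcard_zone(name):
    """Mistyped zone that answers every query, so all mail looks listed."""
    return True

if __name__ == "__main__":
    for zone, resolver in [("dnsbl.example.net", good_zone),
                           ("dnsbl.exmaple.net", typo_zone),
                           ("dnsbl.exmaple.net", wildcard_zone)]:
        print(zone, resolver.__name__, check_zone(zone, resolver))
```

Run against the live resolver (the default `lookup`) at MTA start-up and on a schedule, and alert on anything other than "ok".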