spf-discuss

Re: how to avoid receiving email w. sender forged to be a host in my domain

2004-08-12 11:22:37
On Thu, Aug 12, 2004 at 01:53:16PM -0400, Tom wrote:
"Note: (July 22nd 2004) apparently there's a bug in BIND: if the last 
record in a zone file is a TXT record, things break. Solution: don't make 
it the last line."

Well, someone should delete this from the site, all my zonefiles have a TXT
record as the last record (ok, there is an empty line after that, so
technically it is not the last line.....)

The problem that I am experiencing currently is with having a wildcard TXT 
record:

...
Aug 12 17:49:55 vhost4 named[5522]: zone 2urx.com/IN: loaded serial 2004081201
Aug 12 17:49:55 vhost4 named[5522]: zone 2yourx.com/IN: loaded serial 2004081201
Aug 12 17:49:55 vhost4 named[5522]: dns_master_load: corwine.com.zone:24: *.corwine.com: CNAME and other data
Aug 12 17:49:55 vhost4 named[5522]: zone corwine.com/IN: loading master file corwine.com.zone: CNAME and other data
Aug 12 17:49:55 vhost4 named[5522]: zone longshipsandredherrings.com/IN: loaded serial 2004081202
Aug 12 17:49:55 vhost4 named[5522]: zone ncfintergroup.com/IN: loaded serial 2004081202
...

In the above example, the corwine.com zone file has a wildcard TXT entry, 
the other domains' zone files have the wildcard TXT entry commented out. 
Notice how corwine.com does not load the serial number, and in fact the 
whole SOA record seems to be ignored. BIND also seems to believe it is not 
authoritative for corwine.com. Commenting out the wildcard TXT record fixes 
the problem.

There may be a logical explanation as to why this is happening, I just don't 
know it. Being that this is an SPF list, I would be happy to discuss this 
with anyone if you email me directly instead of clogging the SPF list with 
BIND talk any more than I already have.
_____________

Look at the log very very very carefully..

Aug 12 17:49:55 vhost4 named[5522]: dns_master_load:corwine.com.zone:24: *.corwine.com: CNAME and other data

You can't mix CNAME with any other record type.. So apparently you have
a CNAME on * already. In that case, spf will check the record of the
cname's destination..

koen

-- 
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/
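
As an added example (not part of the original thread and not BIND's own code), the following Python check applies the "CNAME and other data" rule from the log above to a constructed zone file. The zone contents, the example.com names and the function names are assumptions for illustration, and the parser handles only a simplified subset of master-file syntax.

```python
# Added example: flag owner names that hold a CNAME plus other records.
RR_TYPES = {"SOA", "NS", "A", "AAAA", "MX", "TXT", "CNAME", "PTR", "SRV"}
CLASSES = {"IN", "CH", "HS"}

# Constructed sample zone (not the poster's file): wildcard CNAME plus wildcard TXT.
SAMPLE_ZONE = """\
$TTL 86400
@   IN SOA ns1.example.com. hostmaster.example.com. (
        2004081201 ; serial
        3600 900 604800 86400 )
    IN NS  ns1.example.com.
    IN TXT "v=spf1 mx -all"
ns1 IN A   192.0.2.1
www IN A   192.0.2.2
*   IN CNAME www
*   IN TXT "v=spf1 mx -all"
"""

def strip_comment(line):
    """Cut a ';' comment, ignoring any ';' inside a quoted string."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            return line[:i]
    return line

def cname_conflicts(zone_text, origin):
    """Return {owner: [types]} for owners that mix CNAME with other data."""
    owners, owner = {}, origin
    for raw in zone_text.splitlines():
        tokens = strip_comment(raw).split()
        if not tokens or tokens[0].startswith("$"):
            continue  # blank line, comment-only line, or $TTL/$ORIGIN directive
        if not raw[0].isspace():  # owner field present, else inherit previous owner
            name = tokens.pop(0).lower()
            owner = origin if name == "@" else (name if name.endswith(".") else f"{name}.{origin}")
        # Skip the optional TTL and class fields that precede the type.
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in CLASSES):
            tokens.pop(0)
        if tokens and tokens[0].upper() in RR_TYPES:
            owners.setdefault(owner, set()).add(tokens[0].upper())
    return {o: sorted(t) for o, t in owners.items() if "CNAME" in t and len(t) > 1}

if __name__ == "__main__":
    for name, types in cname_conflicts(SAMPLE_ZONE, "example.com.").items():
        print(f"{name}: CNAME and other data ({', '.join(types)})")
```

Running a check like this before reloading catches the conflict that otherwise leaves the whole zone unloaded, which also takes the domain's SPF record out of service.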
