spf-discuss

RE: Fw: Wildcard DNS entry

2004-09-09 08:40:42
You missed one!
4.5. example.co.uk

I had said once before that we need a service that lists top level domains.
Then you would know where to stop.  co.uk would be listed as a top level
domain.  A small sample of the list: ".", "com.", "co.uk.".

What if someone were selling subdomains, then they should be added too,
maybe.  Example: at one time "Watkins.net." was selling subdomains.  So I
could have bought "guy.watkins.net."  So, "Watkins.net." maybe should be
considered a top level domain.  Maybe not!  Just a thought.

I don't like climbing the tree anymore.  I think you convinced me. :)
F'ing DOS, ...oops... DoS.  :)

Guy

-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of 
william(at)elan.net
Sent: Thursday, September 09, 2004 10:14 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: Fw: [spf-discuss] Wildcard DNS entry

----- Original Message -----
From: "jpinkerton" <johnp(_at_)idimo(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>

What is a parent of "my.very.long.domain.example.com"?
If you say it's "example.com", how are you going to decide when you see
"my.very.long.domain.example.co.uk"?

Can you not use multiple wildcards - 
*.example.com
*.*.example.com
*.*.*.example.com
etc. ad nauseam?

I. There can be only one wildcard under the domain, i.e. *.example.com 
   will reach anything below and it's not necessary to do *.*.example.com,
   so please don't do examples as above

II. If the question is really whether you can ask an SPF validating agent who needs to 
   find out about "my.very.long.domain.example.co.uk" to do lookups as follows:
    1. my.very.long.domain.example.co.uk
    2. very.long.domain.example.co.uk
    3. long.domain.example.co.uk
    4. domain.example.co.uk
    5. co.uk

   The result will be a large number of DNS lookups that are necessary 
   (leading "ad nauseam" ..) and still it's not precisely clear where to 
   stop. As you can see from above the stop should be at #4, but if the
   domain owner failed to put an SPF record on #4, you will end up going
   to co.uk, leading to overloading the ccTLD DNS server with bogus queries
   (and if I were the co.uk operator I would get mad as hell ...).

   Additionally the above opens up a number of interesting DoS 
   possibilities, giving the attacker a "low-cost" option of how to
   cause the victim to perform 10 times or more the number of queries
   than the attacker himself did. 

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net



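As an added example (not part of the thread, and not code from any SPF implementation), the following Python models the "tree climb" William enumerates above together with the stop list Guy proposes, so the lookup count per message and the point at which a missing record leaks queries to the registry can be seen directly. The chain it computes includes example.co.uk, the step Guy notes was missed. The stop list is the three constructed entries from Guy's message (a real deployment would need a maintained list; the Public Suffix List is the usual source today), and the zone data is constructed. For context, the SPF specification as eventually published (RFC 7208) checks only the exact domain and does no climb at all, which is consistent with where Guy ends up above.

```python
"""Added example (not from the spf-discuss thread or any SPF implementation):
model the "tree climb" lookup and the stop list discussed above, count the
DNS queries it costs, and show where a missing record leaks queries to the
registry. All zone data and the stop list are constructed sample values."""

from typing import Dict, List, Optional, Tuple

# Constructed stop list in the form Guy gives: the root plus registry suffixes.
# A real deployment would need a maintained list (the Public Suffix List is
# the usual source); these three entries are just the thread's sample.
STOP_SUFFIXES = {".", "com.", "co.uk."}

# Constructed zone: only the registered domain publishes an SPF record.
ZONE: Dict[str, str] = {"example.co.uk.": "v=spf1 -all"}


def to_fqdn(name: str) -> str:
    """Normalise to a lower-case, dot-terminated name ("" becomes the root)."""
    name = name.strip().lower().rstrip(".")
    return name + "." if name else "."


def ancestors(name: str) -> List[str]:
    """Every name on the path from `name` up to and including the root."""
    fqdn = to_fqdn(name)
    if fqdn == ".":
        return ["."]
    labels = fqdn.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))] + ["."]


def climb_candidates(name: str, stop=STOP_SUFFIXES) -> List[str]:
    """The names a climbing checker would query, in order, stopping *before*
    the first registry-controlled suffix. With an empty stop list this is the
    full ancestor chain all the way down to the root."""
    out: List[str] = []
    for cand in ancestors(name):
        if cand in stop:
            break
        out.append(cand)
    return out


def spf_lookup(name: str, zone: Dict[str, str], stop=STOP_SUFFIXES
               ) -> Tuple[Optional[str], List[str]]:
    """Simulate the climb against an in-memory zone.
    Returns (record text or None, list of names actually queried)."""
    queried: List[str] = []
    for cand in climb_candidates(name, stop):
        queried.append(cand)
        if cand in zone:
            return zone[cand], queried
    return None, queried


def registry_queries(queried: List[str], stop=STOP_SUFFIXES) -> List[str]:
    """Which of the queries hit a registry-controlled name (the co.uk case)."""
    return [q for q in queried if q in stop]


def amplification(name: str, stop=STOP_SUFFIXES) -> int:
    """Worst-case lookups one incoming message can trigger with this name,
    i.e. the query cost a single SMTP transaction imposes on the checker."""
    return len(climb_candidates(name, stop))


if __name__ == "__main__":
    host = "my.very.long.domain.example.co.uk"
    rec, q = spf_lookup(host, ZONE)
    print("stop list, record present:", rec, "after", len(q), "queries")
    rec, q = spf_lookup(host, {})              # owner never published SPF
    print("stop list, record missing:", rec, "after", len(q), "queries,",
          "registry hits:", registry_queries(q))
    rec, q = spf_lookup(host, {}, stop=set())  # no stop list at all
    print("no stop list, record missing:", rec, "after", len(q), "queries,",
          "registry hits:", registry_queries(q))
    print("lookups per message for a 20-label name:",
          amplification(".".join(["x"] * 20) + ".example.com"))
```

The stop list only keeps the climb off the registry's servers; the missing-record case still costs one query per label, which is the per-message amplification the quoted message objects to, and a sender controls how many labels the name has.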