Unfortunately this is common in the financial services realm. Compliance 
requires us to archive all IM messages from google, aol, msn, and yahoo. 
Blocking it with acls doesn't work since the IM clients will resort to http and 
are pretty clever about hiding it. Blocking IP addresses doesn't work since 
they change frequently. Spoofing the dns zones is the only solution. The IM 
archive server companies usually provide email updates when some of the zones 
change.

----
Matthew Huff       | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
http://www.ox.com  | Phone: 914-460-4039
aim: matthewbhuff  | Fax:   914-460-4139


-----Original Message-----
From: bind-users-boun...@lists.isc.org 
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Sam Wilson
Sent: Monday, March 02, 2009 12:56 PM
To: comp-protocols-dns-b...@isc.org
Subject: Re: Adding records to a domain I don't control for anyone who uses my nameserver

In article <goadgr$2au...@sf1.isc.org>,
 Barry Margolin <bar...@alum.mit.edu> wrote:

> In article <go6pea$2ru...@sf1.isc.org>,
>  Brandon Dimcheff <bdimc...@wieldim.com> wrote:
> 
> > Hello,
> > 
> > I'm trying to configure BIND to add some records to a domain that I  
> > don't control, so that anybody who uses my nameserver will have the  
> > additional records.  Specifically, I'm trying to add xmpp SRV records  
> > so our jabber infrastructure that uses our nameserver can contact a  
> > handful of domains properly.  All other records for the domain should  
> > work as defined by their authoritative server.
> > 
> > Example:
> > 
> > dig @127.0.0.1 SRV _xmpp_client._tcp.example.com. should return my SRV  
> > record hosted by my server
> > dig @127.0.0.1 A example.com should return example.com's A record by  
> > recursive lookup
> > 
> > Does anybody have any suggestions?  I've tried a few different things,  
> > but none of them seem to have worked.
> 
> I don't think you can do this with BIND.  Its database is organized by 
> names, not types.  If a server is authoritative for a name, it will 
> never recurse for that name.

He could create a local zone for the domain 
_xmpp_client._tcp.example.com containing only the SRV record (plus the 
necessary SOA and NS records).  That way any lookups for *.example.com 
and *._tcp.example.com would get directed to the real example.com 
servers.  It's a horrible thing to do, though, to claim authority for 
someone else's address space.  What happens when example.com sets up its 
own _xmpp_client._tcp.example.com with different data in it?  Who debugs 
that?

Sam
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
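The local-zone approach Sam describes, written out as an added example rather than configuration from any poster in this thread; the file paths, internal host names, port, TTLs and serial are assumptions, and the zone name keeps the thread's spelling:

```bind
// named.conf fragment (added example, not from the thread): claim authority for
// ONE name only, so every other name under example.com and _tcp.example.com
// still recurses to the real authoritative servers.
// NB: the XMPP client service label defined by RFC 6120 is _xmpp-client._tcp
// (hyphen); the thread's example spells it _xmpp_client._tcp, kept here as-is.
zone "_xmpp_client._tcp.example.com" {
    type master;
    file "/etc/bind/local/_xmpp_client._tcp.example.com.zone";  // assumed path
    allow-query { localnets; };   // only your own resolver clients see it
};

; /etc/bind/local/_xmpp_client._tcp.example.com.zone (assumed path)
$TTL 300                          ; short TTL so the override is easy to back out
$ORIGIN _xmpp_client._tcp.example.com.
@   IN SOA  ns1.internal.example.net. hostmaster.internal.example.net. (
            2009030201 ; serial, YYYYMMDDnn
            3600       ; refresh
            900        ; retry
            604800     ; expire
            300 )      ; negative-cache TTL
@   IN NS   ns1.internal.example.net.   ; assumed internal name server
; the override itself: priority weight port target
@   IN SRV  0 5 5222 xmpp.internal.example.net.   ; assumed jabber host

; Check after "rndc reload": the two dig commands from Brandon's post should now
; behave as he wants. The SRV answer comes back with the AA flag set, while
; "dig @127.0.0.1 A example.com" still carries the real zone's answer.
; To catch the collision Sam warns about, periodically query the real
; example.com name servers for this exact name; the day they publish their own
; SRV record, your clients will silently keep using yours.
```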
