https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6338

--- Comment #10 from Mark Martinec <[email protected]> 2010-03-02 01:13:56 UTC ---
> I'd like to let this "bake" in trunk for a little bit more, btw,
> before putting it in 3.3.x, if that's ok.

Sure, I haven't touched the target milestone.

> If I understand you correctly, currently we require an exact match and that
> could be causing some cheap-home DNS proxies, etc. to be having problems?

Exactly. Or maybe with some proprietary/vendor DNS server used by
some ISP or a company.

> I'd say let's add a dbg that outputs the non-match if we can and if that
> generates a lot of user questions, we open a different bug and address.

Issuing a dbg() or info() on a mismatch would probably be a good idea.
Unfortunately it is not trivial to implement - I guess that all queries
would need to be stored twice, once with exact keys, and once with
lowercased keys - as we depend on a perl hash for reverse mapping of a
reply packet back to our query. I'll think about it.

> Are you talking about a DNS server responding with a canonicalized,
> all lower case version?

Yes, likely, or all-caps, or maybe passing back whatever comes from
the authority server.

The quoted draft states:

 6.1. Several popular authoritative DNS implementations including ISC BIND
 (versions 4, 8, and 9), Nominum ANS, Akamai AKADNS, Neustar UltraDNS,
 Verisign Atlas, NLNetLabs NSD, PowerDNS, and DJBDNS were tested.  All
 copied the question name exactly, bit for bit, from the request into the
 response.

 6.2. Operational testing has revealed a small set of rare and/or private
 label authoritative DNS implementations who modify the 0x20 bits in
 question names while copying the question section from the request to
 the response.  Usually this modification is to set the 0x20 bit, thus
 converting a domain name to be all-lower-case (0x61..0x7A, e.g., a-z).


> Anyway, the "cheap home router" scenario is exactly what's most likely to
> fail ALWAYS for large DNS BLs, as opposed to "sometimes" due to response
> mis-match -- the DHCP assigned forwarder ISP's DNS is most likely to be
> blacklisted by major DNS BLs, and that user won't get any hits for them.

Not sure I follow. What I meant by 'sometimes' is that if a queried label
happens to be e.g. all-lowercase, a query may succeed, but may fail with a
mixed-case query. In our case, a queried label may come from a mail header
section (like From, To, ...), or from a rule specifying a RBL/URIBL.

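The lookup problem described in the comment above, sketched as an added example (not part of the bug thread and not SpamAssassin's code): pending queries are indexed under both the exact and the lowercased question name, so a reply whose name came back with altered case can still be paired with its query and reported. The key layout, function names and sample queries are hypothetical.

```perl
#!/usr/bin/perl
# Added illustration; not SpamAssassin code. All names are hypothetical.
use strict;
use warnings;

my (%pending_exact, %pending_lc);    # lookup key -> query record

# Key layout is an assumption: "id/class/type/qname".
sub make_key { return join('/', @_) }

# Store the query twice: once as sent, once with a lowercased qname.
sub register_query {
    my ($id, $class, $type, $qname) = @_;
    my $q = { id => $id, class => $class, type => $type, qname => $qname };
    $pending_exact{ make_key($id, $class, $type, $qname) }  = $q;
    $pending_lc{ make_key($id, $class, $type, lc $qname) } = $q;
    return $q;
}

# Pair a reply's question section with a pending query.
# Returns (query, status); status is 'exact', 'case-mismatch' or 'unknown'.
sub match_reply {
    my ($id, $class, $type, $qname) = @_;
    my $status = 'exact';
    my $q = delete $pending_exact{ make_key($id, $class, $type, $qname) };
    if (!$q) {
        # No bit-for-bit match: retry case-insensitively so the
        # mismatch can be logged instead of silently dropped.
        $q = $pending_lc{ make_key($id, $class, $type, lc $qname) };
        return (undef, 'unknown') if !$q;
        $status = 'case-mismatch';
        delete $pending_exact{ make_key($id, $class, $type, $q->{qname}) };
    }
    delete $pending_lc{ make_key($id, $class, $type, lc $q->{qname}) };
    return ($q, $status);
}

# Constructed sample data: two queries sent, three replies received.
register_query(4711, 'IN', 'A', '2.0.0.127.DNSBL.Example.org');
register_query(4712, 'IN', 'A', 'mixed.Example.net');
for my $r ([4711, 'IN', 'A', '2.0.0.127.DNSBL.Example.org'],
           [4712, 'IN', 'A', 'mixed.example.net'],    # server lowercased it
           [4713, 'IN', 'A', 'stray.example.com']) {  # never asked
    my ($q, $status) = match_reply(@$r);
    printf "reply id=%d qname=%s -> %s%s\n", $r->[0], $r->[3], $status,
        $status eq 'case-mismatch' ? " (sent as $q->{qname})" : '';
}
```

Whether a 'case-mismatch' reply is accepted or only logged is left to the caller; the exact-match path is the one that preserves the 0x20 check described in the quoted draft.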