> It was my understanding that if I allow recursion, then I might as well allow malicious attackers to check my location for domains

unrestricted recursion opens you

1. to DoS attacks where the attacker spoofs the UDP source address (can't trace him) and sends you 1000's of queries per minute for real/bogus domains that send your DNS off to Internet to find the answers. The cache builds up, memory used.
2. an attacker can trigger your DNS to query his NS which could return extraneous and/or erroneous records in the Additional section, poisoning your cache.

So you want to restrict recursion and zone transfer tightly.

> , etc. Is this a correct assessment? The way I understand recursion, it is for outsiders to check entries

for anybody to query your DNS for any domain

> , and Not, for our DNS server to check others.

your DNS, as recursive, will query other DNS's.

here is the authoritative list of hotmail MX ip's:

Mgw1# dig @NS1.hotmail.com. hotmail.com mx

; <<>> DiG 8.3 <<>> @NS1.hotmail.com. hotmail.com mx
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 14
;; QUERY SECTION:
;;      hotmail.com, type = MX, class = IN

;; ANSWER SECTION:
hotmail.com.            1H IN MX        5 mx1.hotmail.com.
hotmail.com.            1H IN MX        5 mx2.hotmail.com.
hotmail.com.            1H IN MX        5 mx3.hotmail.com.
hotmail.com.            1H IN MX        5 mx4.hotmail.com.

;; AUTHORITY SECTION:
hotmail.com.            1H IN NS        ns1.hotmail.com.
hotmail.com.            1H IN NS        ns2.hotmail.com.
hotmail.com.            1H IN NS        ns3.hotmail.com.
hotmail.com.            1H IN NS        ns4.hotmail.com.

;; ADDITIONAL SECTION:
mx1.hotmail.com.        1H IN A         65.54.254.129
mx1.hotmail.com.        1H IN A         65.54.252.99
mx1.hotmail.com.        1H IN A         65.54.166.99
mx2.hotmail.com.        1H IN A         65.54.254.145
mx2.hotmail.com.        1H IN A         65.54.252.230
mx2.hotmail.com.        1H IN A         65.54.166.230
mx3.hotmail.com.        1H IN A         65.54.254.140
mx3.hotmail.com.        1H IN A         65.54.253.99
mx4.hotmail.com.        1H IN A         65.54.254.151
mx4.hotmail.com.        1H IN A         65.54.253.230
ns1.hotmail.com.        1H IN A         216.200.206.140
ns2.hotmail.com.        1H IN A         216.200.206.139
ns3.hotmail.com.        1H IN A         209.185.130.68
ns4.hotmail.com.        1H IN A         64.4.29.24

are those the ip's your Imail is trying to send to? can you telnet to port 25 of those ip's and get an SMTP banner?

Len
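
An added example, not part of the original message or of any Ipswitch tool: a Python check of whether a name server you administer offers recursion to a given client, by sending a query with RD set and reading the RA bit in the reply, the same header flags dig prints above (`qr aa rd`, no `ra`). The function names and the sample headers are constructed for illustration.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Query with RD (recursion desired) set, as dig sends by default."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(packet):
    """Decode the 12-byte header into the flags dig prints (qr aa rd ra)."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "answers": answers}

def recursion_verdict(packet, txid=0x1234):
    """Classify a reply to build_query() as seen by the querying client."""
    h = parse_header(packet)
    if not h["qr"] or h["id"] != txid:
        return "invalid"        # not a response to our query
    if h["rcode"] == 5:
        return "refused"        # rcode REFUSED: server declined this client
    if h["ra"]:
        return "offered"        # RA set: server will recurse for this client
    return "not-offered"        # e.g. an authoritative-only answer

def probe(server, name, timeout=3.0):
    """Send one UDP query to a server you administer and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return recursion_verdict(s.recvfrom(512)[0])

# Constructed sample headers (not captured traffic):
AUTH_ONLY = struct.pack("!HHHHHH", 0x1234, 0x8500, 1, 4, 4, 14)   # qr aa rd, as in the dig output
OPEN_RESOLVER = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # qr rd ra
REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)      # qr rd, rcode 5
```

Run `probe()` from an address outside the networks you intend to serve, with a name the server is not authoritative for; a result of `offered` there means recursion is not restricted.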
