RE: [IMail Forum] hotmail rejection???

Fri, 06 Dec 2002 07:29:51 -0800 



> Are you trying to restrict queries against your domain (so that only
> certain people can find out your MX records, for example), or are you
> trying to make sure that only certain servers can query your DNS
> server (such as your mailserver)?

Only mailservers idealy.




It's time to buy the Cricket book.



What you want to do is not only virtually impossible, it's 
pointless.  There is no reason to restrict DNS queries (of domains you 
host) to other mailservers.  Is the IP address of your mailserver top 
secret?  No -- I know what it is, simply based on this post.




Basically I would like the public (world) to be able to query my DNS,




That's fine -- in that case, there is no reason to restrict DNS queries to 
mailservers.




however I do not want to be left open for DOS attacks (and the like).




<sigh>



It's time to read the book.  You are afraid of something that is impossible 
to protect against.  Even if you could magically restrict DNS queries to 
only those who really needed the information, the same person performing a 
DoS attack against you would be able to perform the exact same DoS 
attack.  When performing a DoS attack, they don't care what data they get 
back (and in most cases, they won't even get any data back).




So I checked that box to 'stop recursion.'




That's bad.  Not because checking that box is wrong -- but because you 
checked a box just for fun, without having any clue about what it 
does.  Even I can't figure out exactly what Microsoft means by that box, 
and I know a lot about DNS.




I guess I would like to do both,
(broadcast to the world, and not get punked by DOS) but apparently, I
cannot without additional DNS servers. Is that a correct assumption?




It's not possible to answer that question without re-hashing the same 
responses that are already on this list -- it's time to Buy The Book.



                                                   -Scott

---

Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for 
IMail.  http://www.declude.com



---

[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]





To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html

List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/

Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/























					Reply via email to