At 4:14 PM -0700 2003/07/23, Hugh Caley wrote:

 I've got a mailman installation in our legacy domain
 (mailman.neomorphic.com).  For political reasons we'd like to have lists
 show up as being from the new domain (mailman.affymetrix.com).

Sounds reasonable.


 We have a cname that points the new name to the old; the new name is set
 as the base URL for the Mailman web interface.
 It all works fine, except that we haven't been able to find a way to
 make going to URL http://mailman.affymetrix.com equivalent to going to
 http://mailman.affymetrix.com/mailman/listinfo; instead going to
 http://mailman.affymetrix.com redirects the user to
 http://mailman.neomorphic.com/mailman/listinfo, no matter what I do
 with apache config.

 Anyone know how I can get this to work?

Well, let's first look at the DNS. Checking out the legacy name, I see:


% dig @a.gtld-servers.net. neomorphic.com. soa

; <<>> DiG 9.2.2 <<>> @a.gtld-servers.net. neomorphic.com. soa
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23289
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;neomorphic.com.                        IN      SOA

;; AUTHORITY SECTION:
neomorphic.com.         172800  IN      NS      ns3.emf.net.
neomorphic.com.         172800  IN      NS      ns.neomorphic.com.

;; ADDITIONAL SECTION:
ns3.emf.net.            172800  IN      A       205.149.0.21
ns.neomorphic.com.      172800  IN      A       205.217.46.66

;; Query time: 123 msec
;; SERVER: 192.5.6.30#53(a.gtld-servers.net.)
;; WHEN: Thu Jul 24 01:33:25 2003
;; MSG SIZE  rcvd: 106

% dig @ns.neomorphic.com. neomorphic.com. soa

; <<>> DiG 9.2.2 <<>> @ns.neomorphic.com. neomorphic.com. soa
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53758
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;neomorphic.com.                        IN      SOA

;; ANSWER SECTION:
neomorphic.com. 36001 IN SOA neomorphic.com. hostmaster.neomorphic.com. 2003052900 36001 3600 360000 36001


;; AUTHORITY SECTION:
neomorphic.com.         36001   IN      NS      roma.neomorphic.com.
neomorphic.com.         36001   IN      NS      ns3.emf.net.

;; ADDITIONAL SECTION:
roma.neomorphic.com.    36001   IN      A       205.217.46.66
ns3.emf.net.            167930  IN      A       205.149.0.21

;; Query time: 207 msec
;; SERVER: 205.217.46.66#53(ns.neomorphic.com.)
;; WHEN: Thu Jul 24 01:34:16 2003
;; MSG SIZE  rcvd: 155

% dig @ns3.emf.net. neomorphic.com. soa

; <<>> DiG 9.2.2 <<>> @ns3.emf.net. neomorphic.com. soa
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5756
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;neomorphic.com.                        IN      SOA

;; ANSWER SECTION:
neomorphic.com. 33017 IN SOA neomorphic.com. hostmaster.neomorphic.com. 2003052900 36001 3600 360000 36001


;; AUTHORITY SECTION:
neomorphic.com.         137815  IN      NS      ns3.emf.net.
neomorphic.com.         137815  IN      NS      ns.neomorphic.com.

;; ADDITIONAL SECTION:
ns3.emf.net.            147103  IN      A       205.149.0.21
ns.neomorphic.com.      112152  IN      A       205.217.46.66

;; Query time: 208 msec
;; SERVER: 205.149.0.21#53(ns3.emf.net.)
;; WHEN: Thu Jul 24 01:33:53 2003
;; MSG SIZE  rcvd: 153


So, right there, we see that the primary and the secondary are handing out slightly different answers for the nameservers for neomorphic.com -- ns.neomorphic.com and ns3.emf.net vs. roma.neomorphic.com and ns3.emf.net. Also note that the secondary is not handing out authoritative answers (there's no "aa" bit set in the "flags:" field). Moreover, ns3.emf.net is advertising itself as a public caching/recursive nameserver (the "ra" bit is set in the "flags:" field), which means that this machine is vulnerable to cache pollution/poisoning, and could be used as a vector to help break into your network more easily.


Checking things with dnswalk, I see:

% dnswalk -ralF neomorphic.com.
Getting zone transfer of neomorphic.com. from ns3.emf.net....failed.
Getting zone transfer of neomorphic.com. from roma.neomorphic.com....done.
Checking neomorphic.com.
teamsite.neomorphic.com. 36001: invalid character(s) in name
teamsite.neomorphic.com. 36001 A 205.217.46.82: points to www.genomeathome.com
firewall.neomorphic.com. 36001: invalid character(s) in name
firewall.neomorphic.com. 36001 A 205.217.46.68: points to firewall.neomorphic.com


So, while ns3.emf.net is an open public/recursive caching nameserver, they do appear to have zone transfers turned off.

Let's look a bit further:

% dig @ns.neomorphic.com. mailman.neomorphic.com. any

; <<>> DiG 9.2.2 <<>> @ns.neomorphic.com. mailman.neomorphic.com. any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10354
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mailman.neomorphic.com.                IN      ANY

;; AUTHORITY SECTION:
neomorphic.com. 36001 IN SOA neomorphic.com. hostmaster.neomorphic.com. 2003052900 36001 3600 360000 36001


;; Query time: 202 msec
;; SERVER: 205.217.46.66#53(ns.neomorphic.com.)
;; WHEN: Thu Jul 24 01:31:02 2003
;; MSG SIZE  rcvd: 87

% dig @ns3.emf.net. mailman.neomorphic.com. any

; <<>> DiG 9.2.2 <<>> @ns3.emf.net. mailman.neomorphic.com. any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54675
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mailman.neomorphic.com.                IN      ANY

;; AUTHORITY SECTION:
neomorphic.com. 36001 IN SOA neomorphic.com. hostmaster.neomorphic.com. 2003052900 36001 3600 360000 36001


;; Query time: 223 msec
;; SERVER: 205.149.0.21#53(ns3.emf.net.)
;; WHEN: Thu Jul 24 01:42:47 2003
;; MSG SIZE  rcvd: 87


Hmm. Strange. Neither of the advertised nameservers seems to know anything at all about the name "mailman.neomorphic.com".



Okay, let's check out affymetrix.com:


% dig @a.gtld-servers.net. affymetrix.com. ns

; <<>> DiG 9.2.2 <<>> @a.gtld-servers.net. affymetrix.com. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53016
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;affymetrix.com.                        IN      NS

;; ANSWER SECTION:
affymetrix.com.         172800  IN      NS      cbru.br.ns.els-gms.att.net.
affymetrix.com.         172800  IN      NS      cmtu.mt.ns.els-gms.att.net.

;; ADDITIONAL SECTION:
cbru.br.ns.els-gms.att.net. 172800 IN   A       199.191.128.105
cmtu.mt.ns.els-gms.att.net. 172800 IN   A       12.127.16.69

;; Query time: 123 msec
;; SERVER: 192.5.6.30#53(a.gtld-servers.net.)
;; WHEN: Thu Jul 24 01:58:28 2003
;; MSG SIZE  rcvd: 126

% dig @cmtu.mt.ns.els-gms.att.net. affymetrix.com. any

; <<>> DiG 9.2.2 <<>> @cmtu.mt.ns.els-gms.att.net. affymetrix.com. any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56755
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 4

;; QUESTION SECTION:
;affymetrix.com.                        IN      ANY

;; ANSWER SECTION:
affymetrix.com. 300 IN NS cmtu.mt.ns.els-gms.att.net.
affymetrix.com. 300 IN NS cbru.br.ns.els-gms.att.net.
affymetrix.com. 300 IN SOA ns.affymetrix.com. dnsmaster.affymetrix.com. 2850201717 3600 300 604800 300
affymetrix.com. 300 IN A 147.208.165.234
affymetrix.com. 300 IN MX 20 mail.affymetrix.com.
affymetrix.com. 300 IN MX 10 mailscanner1.affymetrix.com.


;; AUTHORITY SECTION:
affymetrix.com.         300     IN      NS      cmtu.mt.ns.els-gms.att.net.
affymetrix.com.         300     IN      NS      cbru.br.ns.els-gms.att.net.

;; ADDITIONAL SECTION:
cmtu.mt.ns.els-gms.att.net. 86400 IN    A       12.127.16.69
cbru.br.ns.els-gms.att.net. 86400 IN    A       199.191.128.105
mail.affymetrix.com.    300     IN      A       12.22.48.166
mailscanner1.affymetrix.com. 300 IN     A       12.22.48.170

;; Query time: 165 msec
;; SERVER: 12.127.16.69#53(cmtu.mt.ns.els-gms.att.net.)
;; WHEN: Thu Jul 24 02:01:53 2003
;; MSG SIZE  rcvd: 301

% dig @cbru.br.ns.els-gms.att.net. affymetrix.com. any

; <<>> DiG 9.2.2 <<>> @cbru.br.ns.els-gms.att.net. affymetrix.com. any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26286
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 4

;; QUESTION SECTION:
;affymetrix.com.                        IN      ANY

;; ANSWER SECTION:
affymetrix.com. 300 IN NS cmtu.mt.ns.els-gms.att.net.
affymetrix.com. 300 IN NS cbru.br.ns.els-gms.att.net.
affymetrix.com. 300 IN MX 10 mailscanner1.affymetrix.com.
affymetrix.com. 300 IN SOA ns.affymetrix.com. dnsmaster.affymetrix.com. 2850201717 3600 300 604800 300
affymetrix.com. 300 IN MX 20 mail.affymetrix.com.
affymetrix.com. 300 IN A 147.208.165.234


;; AUTHORITY SECTION:
affymetrix.com.         300     IN      NS      cmtu.mt.ns.els-gms.att.net.
affymetrix.com.         300     IN      NS      cbru.br.ns.els-gms.att.net.

;; ADDITIONAL SECTION:
cmtu.mt.ns.els-gms.att.net. 86400 IN    A       12.127.16.69
cbru.br.ns.els-gms.att.net. 86400 IN    A       199.191.128.105
mailscanner1.affymetrix.com. 300 IN     A       12.22.48.170
mail.affymetrix.com.    300     IN      A       12.22.48.166

;; Query time: 161 msec
;; SERVER: 199.191.128.105#53(cbru.br.ns.els-gms.att.net.)
;; WHEN: Thu Jul 24 02:00:28 2003
;; MSG SIZE  rcvd: 301

% dig @cmtu.mt.ns.els-gms.att.net. mailman.affymetrix.com. any

; <<>> DiG 9.2.2 <<>> @cmtu.mt.ns.els-gms.att.net. mailman.affymetrix.com. any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21688
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mailman.affymetrix.com.                IN      ANY

;; AUTHORITY SECTION:
affymetrix.com. 300 IN SOA ns.affymetrix.com. dnsmaster.affymetrix.com. 2850201717 3600 300 604800 300


;; Query time: 111 msec
;; SERVER: 12.127.16.69#53(cmtu.mt.ns.els-gms.att.net.)
;; WHEN: Thu Jul 24 02:02:59 2003
;; MSG SIZE  rcvd: 103

% dig @cbru.br.ns.els-gms.att.net. mailman.affymetrix.com.

; <<>> DiG 9.2.2 <<>> @cbru.br.ns.els-gms.att.net. mailman.affymetrix.com.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4155
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mailman.affymetrix.com.                IN      A

;; AUTHORITY SECTION:
affymetrix.com. 300 IN SOA ns.affymetrix.com. dnsmaster.affymetrix.com. 2850201717 3600 300 604800 300


;; Query time: 172 msec
;; SERVER: 199.191.128.105#53(cbru.br.ns.els-gms.att.net.)
;; WHEN: Thu Jul 24 02:03:22 2003
;; MSG SIZE  rcvd: 103


Wild. Again, the advertised nameservers don't know anything about this hostname.


Let's take a look at dnswalk:

% dnswalk -ralF affymetrix.com.
Getting zone transfer of affymetrix.com. from cbru.br.ns.els-gms.att.net....done.
Checking affymetrix.com.
localhost.affymetrix.com. 300: invalid character(s) in name
teamsite.affymetrix.com. 300: invalid character(s) in name
teamsite.affymetrix.com. 300 A 205.217.46.82: points to www.genomeathome.com
chipdesign.affymetrix.com. 300: invalid character(s) in name
chipdesign.affymetrix.com. 300 A 205.217.46.72: points to lucca.neomorphic.com
bedforde500.affymetrix.com. 300: invalid character(s) in name
bedforde500.affymetrix.com. 300 A 12.110.143.37: no PTR record


Hmm. Well, your nameservers do appear to be open to zone transfers, although you do not appear to be subject to cache pollution/poisoning.

--
Brad Knowles, <[EMAIL PROTECTED]>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
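
The delegation checks made by hand in the message above (NS set handed out by each server versus the parent's delegation, the "aa" bit, the "ra" bit) can be run over saved dig output. This is an added example, not part of the original message; the function names `parse_dig` and `audit` are hypothetical, and the input is abridged from the dig output quoted in the message.

```python
import re

# Abridged from the dig output quoted in the message above.
PARENT = """\
; <<>> DiG 9.2.2 <<>> @a.gtld-servers.net. neomorphic.com. soa
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; AUTHORITY SECTION:
neomorphic.com.         172800  IN      NS      ns3.emf.net.
neomorphic.com.         172800  IN      NS      ns.neomorphic.com.
"""
PRIMARY = """\
; <<>> DiG 9.2.2 <<>> @ns.neomorphic.com. neomorphic.com. soa
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; AUTHORITY SECTION:
neomorphic.com.         36001   IN      NS      roma.neomorphic.com.
neomorphic.com.         36001   IN      NS      ns3.emf.net.
"""
SECONDARY = """\
; <<>> DiG 9.2.2 <<>> @ns3.emf.net. neomorphic.com. soa
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; AUTHORITY SECTION:
neomorphic.com.         137815  IN      NS      ns3.emf.net.
neomorphic.com.         137815  IN      NS      ns.neomorphic.com.
"""

def parse_dig(text):
    """Return the queried server, header flags and NS targets of one dig reply."""
    server = re.search(r"<<>> @(\S+)", text).group(1).lower()
    flags = set(re.search(r";; flags: ([a-z ]+);", text).group(1).split())
    ns = {m.lower() for m in re.findall(r"^\S+\s+\d+\s+IN\s+NS\s+(\S+)", text, re.M)}
    return {"server": server, "flags": flags, "ns": ns}

def audit(parent_text, server_texts):
    """Compare each listed server's reply with the parent zone's delegation."""
    delegated = parse_dig(parent_text)["ns"]
    findings = []
    for reply in map(parse_dig, server_texts):
        who = reply["server"]
        if "aa" not in reply["flags"]:
            findings.append(f"{who}: answer is not authoritative (no aa)")
        if "ra" in reply["flags"]:
            findings.append(f"{who}: offers recursion (ra set)")
        if reply["ns"] != delegated:
            extra = ", ".join(sorted(reply["ns"] - delegated))
            findings.append(f"{who}: NS set differs from delegation ({extra})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(PARENT, [PRIMARY, SECONDARY])))
```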
