I've got a mailman installation in our legacy domain (mailman.neomorphic.com). For political reasons we'd like to have lists show up as being from the new domain (mailman.affymetrix.com).
Sounds reasonable.
We have a cname that points the new name to the old; the new name is set as the base URL for the Mailman web interface. It all works fine, except that we haven't been able to find a way to make going to URL http://mailman.affymetrix.com equivalent to going to http://mailman.affymetrix.com/mailman/listinfo; instead going to http://mailman.affymetrix.com redirects the user to http://mailman.neomorphic.com/mailman/listinfo, no matter what I do with apache config.
Anyone know how I can get this to work?
Well, let's first look at the DNS. Checking out the legacy name, I see:
% dig @a.gtld-servers.net. neomorphic.com. soa
; <<>> DiG 9.2.2 <<>> @a.gtld-servers.net. neomorphic.com. soa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23289
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;neomorphic.com. IN SOA

;; AUTHORITY SECTION:
neomorphic.com. 172800 IN NS ns3.emf.net.
neomorphic.com. 172800 IN NS ns.neomorphic.com.

;; ADDITIONAL SECTION:
ns3.emf.net. 172800 IN A 205.149.0.21
ns.neomorphic.com. 172800 IN A 205.217.46.66

;; Query time: 123 msec
;; SERVER: 192.5.6.30#53(a.gtld-servers.net.)
;; WHEN: Thu Jul 24 01:33:25 2003
;; MSG SIZE rcvd: 106
% dig @ns.neomorphic.com. neomorphic.com. soa
; <<>> DiG 9.2.2 <<>> @ns.neomorphic.com. neomorphic.com. soa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53758
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;neomorphic.com. IN SOA

;; ANSWER SECTION:
neomorphic.com. 36001 IN SOA neomorphic.com. hostmaster.neomorphic.com. 2003052900 36001 3600 360000 36001

;; AUTHORITY SECTION:
neomorphic.com. 36001 IN NS roma.neomorphic.com.
neomorphic.com. 36001 IN NS ns3.emf.net.

;; ADDITIONAL SECTION:
roma.neomorphic.com. 36001 IN A 205.217.46.66
ns3.emf.net. 167930 IN A 205.149.0.21

;; Query time: 207 msec
;; SERVER: 205.217.46.66#53(ns.neomorphic.com.)
;; WHEN: Thu Jul 24 01:34:16 2003
;; MSG SIZE rcvd: 155
% dig @ns3.emf.net. neomorphic.com. soa
; <<>> DiG 9.2.2 <<>> @ns3.emf.net. neomorphic.com. soa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5756
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;neomorphic.com. IN SOA

;; ANSWER SECTION:
neomorphic.com. 33017 IN SOA neomorphic.com. hostmaster.neomorphic.com. 2003052900 36001 3600 360000 36001

;; AUTHORITY SECTION:
neomorphic.com. 137815 IN NS ns3.emf.net.
neomorphic.com. 137815 IN NS ns.neomorphic.com.

;; ADDITIONAL SECTION:
ns3.emf.net. 147103 IN A 205.149.0.21
ns.neomorphic.com. 112152 IN A 205.217.46.66

;; Query time: 208 msec
;; SERVER: 205.149.0.21#53(ns3.emf.net.)
;; WHEN: Thu Jul 24 01:33:53 2003
;; MSG SIZE rcvd: 153
So, right there, we see that the primary and the secondary are handing out slightly different answers for the nameservers for neomorphic.com -- ns.neomorphic.com and ns3.emf.net vs. roma.neomorphic.com and ns3.emf.net. Also note that the secondary is not handing out authoritative answers (there's no "aa" bit set in the "flags:" field). Moreover, ns3.emf.net is advertising itself as a public caching/recursive nameserver (the "ra" bit is set in the "flags:" field), which means that this machine is vulnerable to cache pollution/poisoning, and could be used as a vector to help break into your network more easily.
Checking things with dnswalk, I see:
% dnswalk -ralF neomorphic.com.
Getting zone transfer of neomorphic.com. from ns3.emf.net....failed.
Getting zone transfer of neomorphic.com. from roma.neomorphic.com....done.
Checking neomorphic.com.
teamsite.neomorphic.com. 36001: invalid character(s) in name
teamsite.neomorphic.com. 36001 A 205.217.46.82: points to www.genomeathome.com
firewall.neomorphic.com. 36001: invalid character(s) in name
firewall.neomorphic.com. 36001 A 205.217.46.68: points to firewall.neomorphic.com
So, while ns3.emf.net is an open public/recursive caching nameserver, they do appear to have zone transfers turned off.
Let's look a bit further:
% dig @ns.neomorphic.com. mailman.neomorphic.com. any
; <<>> DiG 9.2.2 <<>> @ns.neomorphic.com. mailman.neomorphic.com. any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10354
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mailman.neomorphic.com. IN ANY

;; AUTHORITY SECTION:
neomorphic.com. 36001 IN SOA neomorphic.com. hostmaster.neomorphic.com. 2003052900 36001 3600 360000 36001

;; Query time: 202 msec
;; SERVER: 205.217.46.66#53(ns.neomorphic.com.)
;; WHEN: Thu Jul 24 01:31:02 2003
;; MSG SIZE rcvd: 87
% dig @ns3.emf.net. mailman.neomorphic.com. any
; <<>> DiG 9.2.2 <<>> @ns3.emf.net. mailman.neomorphic.com. any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54675
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mailman.neomorphic.com. IN ANY

;; AUTHORITY SECTION:
neomorphic.com. 36001 IN SOA neomorphic.com. hostmaster.neomorphic.com. 2003052900 36001 3600 360000 36001

;; Query time: 223 msec
;; SERVER: 205.149.0.21#53(ns3.emf.net.)
;; WHEN: Thu Jul 24 01:42:47 2003
;; MSG SIZE rcvd: 87
Hmm. Strange. Neither of the advertised nameservers seems to know anything at all about the name "mailman.neomorphic.com".
Okay, let's check out affymetrix.com:
% dig @a.gtld-servers.net. affymetrix.com. ns
; <<>> DiG 9.2.2 <<>> @a.gtld-servers.net. affymetrix.com. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53016
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;affymetrix.com. IN NS

;; ANSWER SECTION:
affymetrix.com. 172800 IN NS cbru.br.ns.els-gms.att.net.
affymetrix.com. 172800 IN NS cmtu.mt.ns.els-gms.att.net.

;; ADDITIONAL SECTION:
cbru.br.ns.els-gms.att.net. 172800 IN A 199.191.128.105
cmtu.mt.ns.els-gms.att.net. 172800 IN A 12.127.16.69

;; Query time: 123 msec
;; SERVER: 192.5.6.30#53(a.gtld-servers.net.)
;; WHEN: Thu Jul 24 01:58:28 2003
;; MSG SIZE rcvd: 126
% dig @cmtu.mt.ns.els-gms.att.net. affymetrix.com. any
; <<>> DiG 9.2.2 <<>> @cmtu.mt.ns.els-gms.att.net. affymetrix.com. any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56755
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 4

;; QUESTION SECTION:
;affymetrix.com. IN ANY

;; ANSWER SECTION:
affymetrix.com. 300 IN NS cmtu.mt.ns.els-gms.att.net.
affymetrix.com. 300 IN NS cbru.br.ns.els-gms.att.net.
affymetrix.com. 300 IN SOA ns.affymetrix.com. dnsmaster.affymetrix.com. 2850201717 3600 300 604800 300
affymetrix.com. 300 IN A 147.208.165.234
affymetrix.com. 300 IN MX 20 mail.affymetrix.com.
affymetrix.com. 300 IN MX 10 mailscanner1.affymetrix.com.

;; AUTHORITY SECTION:
affymetrix.com. 300 IN NS cmtu.mt.ns.els-gms.att.net.
affymetrix.com. 300 IN NS cbru.br.ns.els-gms.att.net.

;; ADDITIONAL SECTION:
cmtu.mt.ns.els-gms.att.net. 86400 IN A 12.127.16.69
cbru.br.ns.els-gms.att.net. 86400 IN A 199.191.128.105
mail.affymetrix.com. 300 IN A 12.22.48.166
mailscanner1.affymetrix.com. 300 IN A 12.22.48.170

;; Query time: 165 msec
;; SERVER: 12.127.16.69#53(cmtu.mt.ns.els-gms.att.net.)
;; WHEN: Thu Jul 24 02:01:53 2003
;; MSG SIZE rcvd: 301
% dig @cbru.br.ns.els-gms.att.net. affymetrix.com. any
; <<>> DiG 9.2.2 <<>> @cbru.br.ns.els-gms.att.net. affymetrix.com. any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26286
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 4

;; QUESTION SECTION:
;affymetrix.com. IN ANY

;; ANSWER SECTION:
affymetrix.com. 300 IN NS cmtu.mt.ns.els-gms.att.net.
affymetrix.com. 300 IN NS cbru.br.ns.els-gms.att.net.
affymetrix.com. 300 IN MX 10 mailscanner1.affymetrix.com.
affymetrix.com. 300 IN SOA ns.affymetrix.com. dnsmaster.affymetrix.com. 2850201717 3600 300 604800 300
affymetrix.com. 300 IN MX 20 mail.affymetrix.com.
affymetrix.com. 300 IN A 147.208.165.234

;; AUTHORITY SECTION:
affymetrix.com. 300 IN NS cmtu.mt.ns.els-gms.att.net.
affymetrix.com. 300 IN NS cbru.br.ns.els-gms.att.net.

;; ADDITIONAL SECTION:
cmtu.mt.ns.els-gms.att.net. 86400 IN A 12.127.16.69
cbru.br.ns.els-gms.att.net. 86400 IN A 199.191.128.105
mailscanner1.affymetrix.com. 300 IN A 12.22.48.170
mail.affymetrix.com. 300 IN A 12.22.48.166

;; Query time: 161 msec
;; SERVER: 199.191.128.105#53(cbru.br.ns.els-gms.att.net.)
;; WHEN: Thu Jul 24 02:00:28 2003
;; MSG SIZE rcvd: 301
% dig @cmtu.mt.ns.els-gms.att.net. mailman.affymetrix.com. any
; <<>> DiG 9.2.2 <<>> @cmtu.mt.ns.els-gms.att.net. mailman.affymetrix.com. any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21688
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mailman.affymetrix.com. IN ANY

;; AUTHORITY SECTION:
affymetrix.com. 300 IN SOA ns.affymetrix.com. dnsmaster.affymetrix.com. 2850201717 3600 300 604800 300

;; Query time: 111 msec
;; SERVER: 12.127.16.69#53(cmtu.mt.ns.els-gms.att.net.)
;; WHEN: Thu Jul 24 02:02:59 2003
;; MSG SIZE rcvd: 103
% dig @cbru.br.ns.els-gms.att.net. mailman.affymetrix.com.
; <<>> DiG 9.2.2 <<>> @cbru.br.ns.els-gms.att.net. mailman.affymetrix.com.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4155
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mailman.affymetrix.com. IN A

;; AUTHORITY SECTION:
affymetrix.com. 300 IN SOA ns.affymetrix.com. dnsmaster.affymetrix.com. 2850201717 3600 300 604800 300

;; Query time: 172 msec
;; SERVER: 199.191.128.105#53(cbru.br.ns.els-gms.att.net.)
;; WHEN: Thu Jul 24 02:03:22 2003
;; MSG SIZE rcvd: 103
Wild. Again, the advertised nameservers don't know anything about this hostname.
Let's take a look at dnswalk:
% dnswalk -ralF affymetrix.com.
Getting zone transfer of affymetrix.com. from cbru.br.ns.els-gms.att.net....done.
Checking affymetrix.com.
localhost.affymetrix.com. 300: invalid character(s) in name
teamsite.affymetrix.com. 300: invalid character(s) in name
teamsite.affymetrix.com. 300 A 205.217.46.82: points to www.genomeathome.com
chipdesign.affymetrix.com. 300: invalid character(s) in name
chipdesign.affymetrix.com. 300 A 205.217.46.72: points to lucca.neomorphic.com
bedforde500.affymetrix.com. 300: invalid character(s) in name
bedforde500.affymetrix.com. 300 A 12.110.143.37: no PTR record
Hmm. Well, your nameservers do appear to be open to zone transfers, although you do not appear to be subject to cache pollution/poisoning.
-- Brad Knowles, <[EMAIL PROTECTED]>
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
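The checks made by eye in the message above (the "aa" and "ra" bits in the "flags:" line, and the NS set handed out by the parent versus each of the zone's own servers) can be scripted for routine delegation audits. This is an added example, not part of the original post; the dig text is abbreviated from the output quoted above, and parse_dig and audit are hypothetical helper names.

```python
import re

# Abbreviated dig responses, re-typed from the output quoted in the message.
PARENT = """\
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; AUTHORITY SECTION:
neomorphic.com. 172800 IN NS ns3.emf.net.
neomorphic.com. 172800 IN NS ns.neomorphic.com.
"""
PRIMARY = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; AUTHORITY SECTION:
neomorphic.com. 36001 IN NS roma.neomorphic.com.
neomorphic.com. 36001 IN NS ns3.emf.net.
"""
SECONDARY = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; AUTHORITY SECTION:
neomorphic.com. 137815 IN NS ns3.emf.net.
neomorphic.com. 137815 IN NS ns.neomorphic.com.
"""

def parse_dig(text):
    """Return (set of header flags, set of NS targets) from dig output."""
    m = re.search(r"^;; flags:([^;]*);", text, re.M)
    flags = set(m.group(1).split()) if m else set()
    records = (line.split() for line in text.splitlines()
               if line and not line.startswith(";"))
    ns = {rec[4].lower() for rec in records
          if len(rec) == 5 and rec[2:4] == ["IN", "NS"]}
    return flags, ns

def audit(parent, servers):
    """parent: dig output from the TLD servers; servers: {name: dig output}."""
    _, delegated = parse_dig(parent)
    findings = []
    for name, text in servers.items():
        flags, ns = parse_dig(text)
        if "aa" not in flags:   # advertised server is not answering authoritatively
            findings.append((name, "non-authoritative answer (no aa bit)"))
        if "ra" in flags:       # server offers recursion to the querying client
            findings.append((name, "offers recursion (ra bit set)"))
        if ns != delegated:     # zone's NS set disagrees with the parent's
            findings.append((name, "NS set differs from delegation: "
                             + ", ".join(sorted(ns ^ delegated))))
    return findings

if __name__ == "__main__":
    for server, issue in audit(PARENT, {"ns.neomorphic.com.": PRIMARY,
                                        "ns3.emf.net.": SECONDARY}):
        print(f"{server:20} {issue}")
```

Run from outside the network being audited: the "ra" bit only indicates an open resolver when the querying client is one the server has no reason to recurse for.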
------------------------------------------------------
Mailman-Users mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/