Hello Curtis,

On 28 May 2014, at 14:27 , Curtis Maurand <[email protected]> wrote:

> May 28 07:17:40 crucifer pdns[1286]: Received a malformed qdomain from
> 68.233.237.36, 'h%20omewp.com.multi.surbl.org': sending servfail
>
> I'm wondering, if in a case like this the servfail would allow the spam to
> get through since the query would not return a valid ip address (127.0.0.0,
> 127.0.0.1, 127.0.0.2...etc).
>
> Any thoughts?

The Authoritative server indeed limits the characters accepted in a query, even when forwarding to a recursor (one could consider this a bug). Whether this allows the spam through depends on how your client deals with SERVFAIL, but either way this is a problem.

In general, we do not recommend forwarding recursing queries via the authoritative server, for various reasons, including this one, and also performance reasons. Especially in high-traffic situations like RBL lookups, we strongly recommend having your clients talk to the recursor directly.

If, when talking to the recursor directly, you still have issues, we will be happy to work those out.

Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
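The reply above notes that the outcome depends on how the blocklist client treats SERVFAIL. The following is an added example, not code from the thread or from PowerDNS: it parses constructed DNS responses and keeps a failed lookup separate from a "not listed" answer. The query name, the helper names and the defer-on-failure policy are assumptions.

```python
import struct

NOERROR, SERVFAIL, NXDOMAIN = 0, 2, 3

def build_response(qname, rcode, addrs=()):
    """Constructed sample data: a minimal DNS response to an A query."""
    name = b"".join(bytes([len(label)]) + label.encode()
                    for label in qname.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, len(addrs), 0, 0)
    body = name + struct.pack("!HH", 1, 1)           # question: type A, class IN
    for addr in addrs:                               # each answer points back at the qname
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
        body += bytes(int(octet) for octet in addr.split("."))
    return header + body

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:                    # compression pointer, 2 bytes
            return off + 2
        off += 1 + length

def classify(msg):
    """Map a blocklist lookup response to listed / not_listed / tempfail."""
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        return "not_listed"
    if rcode != NOERROR:                             # SERVFAIL, REFUSED, ...
        return "tempfail"
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4                # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4 and msg[off] == 127:
            return "listed"                          # A record in 127.0.0.0/8
        off += rdlen
    return "not_listed"

# Assumed policy: a failed lookup defers the message instead of accepting it.
ACTION = {"listed": "reject", "not_listed": "accept", "tempfail": "defer"}

QNAME = "example.com.multi.surbl.org"                # constructed query name
```

A client that only checks for the presence of a 127.0.0.x address would return "accept" for the SERVFAIL case; the separate `tempfail` outcome is what lets the mail system retry later instead.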
