No, I show them well under the 512 limit. Even then, if the 'bigtodo-dns' (I
believe it's called) is installed, then what does it matter? I am correct,
right?
--JT
Network Administrator
http://www.webcommanders.com
----- Original Message -----
From: "Charles Cazabon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 05, 2001 9:19 AM
Subject: Re: Hotmail, CNAME lookup failure, zone transfer...WTF?
> Marek Gutkowski <[EMAIL PROTECTED]> wrote:
> >
> > > It doesn't. snort is lying -- don't worry, it lies about a lot of other
> > > things, too. Take everything snort says with a grain of salt.
>
> > First - thanks for a quick reply.
> >
> > Snort is just a tool, and my previous post was about qmail, not snort :)
> > Snort is not lying. You think it took the packet dump out of the blue sky?
> > I also ran tcpdump and it says the same. Is tcpdump also lying?
>
> No. There's no zone transfer happening. The worst case is Hotmail went over
> the 512-byte UDP DNS response limit, and the resolver is therefore trying to
> do a TCP query instead. This is not a zone transfer, but snort reports it as
> such.
>
> > Mail server really tries to connect to the DNS with tcp dport 53. It does.
> > It does. I'm sure.
>
> Hotmail's probably over the 512 byte limit, then. That doesn't make it a zone
> transfer.
>
> Charles
> --
> -----------------------------------------------------------------------
> Charles Cazabon <[EMAIL PROTECTED]>
> GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
> -----------------------------------------------------------------------
>
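
Added example, not part of the original thread: the distinction argued above (an ordinary query retried over TCP after a truncated UDP answer versus a real zone transfer) is visible in the DNS question's QTYPE (252 AXFR, 251 IXFR), not in the use of TCP port 53. The sketch below parses the first question of a TCP/53 stream and classifies it; the function names and the sample messages are constructed for illustration.

```python
import struct

# QTYPEs that really are zone transfers: AXFR (RFC 1035) and IXFR (RFC 1995).
ZONE_TRANSFER_QTYPES = {252: "AXFR", 251: "IXFR"}

def build_message(qname, qtype, flags=0x0100, tcp=False):
    """Build a one-question DNS message; used here only to construct samples."""
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    msg = header + name + struct.pack("!HH", qtype, 1)
    return struct.pack("!H", len(msg)) + msg if tcp else msg  # TCP adds a length prefix

def parse_question(msg):
    """Return (flags, qname, qtype) for the first question in a DNS message."""
    try:
        flags, qdcount = struct.unpack("!HH", msg[2:6])
        if qdcount < 1:
            raise ValueError("no question section")
        labels, pos = [], 12
        while msg[pos]:  # a zero-length label terminates QNAME
            if msg[pos] > 63:
                raise ValueError("compression pointer or bad label in question")
            labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode("ascii", "replace"))
            pos += 1 + msg[pos]
        qtype = struct.unpack("!H", msg[pos + 1:pos + 3])[0]
    except (IndexError, struct.error):
        raise ValueError("truncated DNS message") from None
    return flags, ".".join(labels), qtype

def classify_tcp_query(stream):
    """Classify the first message of a client-to-server TCP/53 stream by QTYPE."""
    if len(stream) < 2:
        raise ValueError("missing TCP length prefix")
    length = struct.unpack("!H", stream[:2])[0]
    if len(stream) - 2 < length:
        raise ValueError("incomplete DNS message")
    _flags, qname, qtype = parse_question(stream[2:2 + length])
    kind = "zone-transfer" if qtype in ZONE_TRANSFER_QTYPES else "ordinary-query"
    return kind, qname, qtype

def udp_response_truncated(msg):
    """True when a UDP response has QR and TC set, so the resolver retries over TCP."""
    flags = parse_question(msg)[0]
    return bool(flags & 0x8000) and bool(flags & 0x0200)

# Constructed sample input (not captured traffic); example.com is a placeholder.
CNAME_OVER_TCP = build_message("example.com", 5, tcp=True)
AXFR_OVER_TCP = build_message("example.com", 252, tcp=True)
TRUNCATED_UDP = build_message("example.com", 5, flags=0x8300)
```

A detection rule keyed on `classify_tcp_query` returning "zone-transfer" fires only on AXFR/IXFR requests, so a resolver's TCP retry of a CNAME lookup is not reported as a transfer.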