[swinog] FYI [from nanog] use of DNS wildcards in TLD

2003-09-16 Thread netbsd
[...] Today VeriSign is adding a wildcard A record to the .com and .net zones. The wildcard record in the .net zone was activated from 10:45AM EDT to 13:30PM EDT. The wildcard record in the .com zone is being added now. We have prepared a white paper describing VeriSign's wildcard

[swinog] For the ones not reading nanog (was Re: Change to .com/.net behavior)

2003-09-16 Thread Pascal Gloor
FYI - Original Message - From: George William Herbert [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]

[swinog] Colt Italien

2003-09-16 Thread alain.wyss
Hallo Colt Italy blocks us on the mail side. So far, our requests for more information to Colt Italy's abuse and postmaster remained unanswered (or returned as non deliverables). Can someone point me to the right place or forward it colt-internally? The message we get is: 553 sorry, that domain

RE: [swinog] Colt Italien

2003-09-16 Thread sviatoslav . rimdenok
Hi, Try that one : [EMAIL PROTECTED] See you, Slava Rimdenok -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Dienstag, 16. September 2003 11:43 To: [EMAIL PROTECTED] Subject: [swinog] Colt Italien Hallo Colt Italy blocks us on the mail side. So far, our

RE: [swinog] Colt Italien

2003-09-16 Thread Steven Glogger
hi alain i dont know anyone @ colt italy. but you might ask Ron Daniel COLT Telecom 42 Adler Street London E1 1EE UK E-Mail: ron [at] colt [dot] net he is the one who set up the peering with us in switzerland. i have also (from the peering contract) these NOC informations: 24x7 NOC phone:

RE: [swinog] Colt Italien

2003-09-16 Thread Neil J. McRae
I'll ask someone to look into this. -- Neil J. McRae - COLT [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 16 September 2003 10:43 To: [EMAIL PROTECTED] Subject: [swinog] Colt Italien Hallo

Re: [swinog] Colt Italien

2003-09-16 Thread Matthias Blaser
On Tuesday 16 September 2003 11:42, [EMAIL PROTECTED] wrote: The message we get is: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1) Isn't that a general problem with their qmail installation? This error means, that the server does not accept the recipients domain,

Re: [swinog] FYI [from nanog] use of DNS wildcards in TLD

2003-09-16 Thread Fredy Kuenzler
[EMAIL PROTECTED] wrote: Today VeriSign is adding a wildcard A record to the .com and .net zones. The wildcard record in the .net zone was activated from 10:45AM EDT to 13:30PM EDT. The wildcard record in the .com zone is being added now. We have prepared a white paper describing VeriSign's

RE: [swinog] Colt Italien

2003-09-16 Thread Neil J. McRae
looks like an mx pointing to our server without the relevent qmail config. yes. -- Neil J. McRae - COLT [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthias Blaser Sent: 16 September 2003 10:57 To: [EMAIL PROTECTED]

Re: [swinog] FYI [from nanog] use of DNS wildcards in TLD

2003-09-16 Thread Nik Hug
- Original Message - From: Fredy Kuenzler [EMAIL PROTECTED] [..] I'm gonna register *.ch and *.li now. Some extra traffic is rather nice (a lot of $$$banners and $$$popups), isn't it? *.ch for Fredy is fine with me - and *.com and *.net for versign also. Because I will take .* nik

Re: [swinog] FYI [from nanog] use of DNS wildcards in TLD

2003-09-16 Thread Matthias Leisi
*.ch for Fredy is fine with me - and *.com and *.net for versign also. Because I will take .* Makes nice mail addresses: [EMAIL PROTECTED] ;-) -- Matthias -- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/

Re: [swinog] FYI [from nanog] use of DNS wildcards in TLD

2003-09-16 Thread Pascal Gloor
Makes nice mail addresses: [EMAIL PROTECTED] ;-) r@@t is even better and is RFC compliant.. as t is the TLD and r@ the alias (yes @ is allowed in the alias :-P) Pascal -- [EMAIL PROTECTED] Maillist-Archive:

RE: [swinog] Colt Italien

2003-09-16 Thread alain.wyss
Hi Thanks all, folks. This one looks like a very valid point. I'll check back if there is indeed a wrong MX defined... Cheers, Alain -Original Message- From: Neil J. McRae [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 16, 2003 12:07 PM To: [EMAIL PROTECTED] Subject: RE: [swinog]

Re: [swinog] FYI [from nanog] use of DNS wildcards in TLD

2003-09-16 Thread Fredy Kuenzler
Matthias Leisi wrote: *.ch for Fredy is fine with me - and *.com and *.net for versign also. Because I will take .* Makes nice mail addresses: [EMAIL PROTECTED] ;-) No prob, we show a lot of valid mail addrs with the storage folder /dev/null %-] F.

[swinog] Re: orbs.dorkslayer.com listet ALLES

2003-09-16 Thread Fredy Kuenzler
Benoit Panizzon wrote: Scheint als habe es nun auch die gelupft... openrbl ist wegen DDOS Down... Seit einigen Stunden habe ich keine Mails mehr erhalten. Nun ist die Ursache klar: Dorkslayers listet alles und deren Website ist tot. Weiss jemand mehr? Nein, nur dass wir Mailsubscriber (z.B.

Re: [swinog] Colt Italien

2003-09-16 Thread Benoit Panizzon
Am Die, 2003-09-16 um 11.42 schrieb [EMAIL PROTECTED]: Hallo Colt Italy blocks us on the mail side. So far, our requests for more information to Colt Italy's abuse and postmaster remained unanswered (or returned as non deliverables). Can someone point me to the right place or forward it

Re: [swinog] Colt Italien

2003-09-16 Thread Pascal Gloor
Maybe the problem of the orbs.dorkslayers.com RBL having disappeared from DNS and now every address of the form 1.2.3.4.orbs.dorkslayers.com resolving to Verisigns search engine and thus resulting in a positive hit... remove the maybe and you got your answer... Everyone running multiple RBL

[swinog] Fw: Verisign HOWTO

2003-09-16 Thread Pascal Gloor
nanog is slow... :-P however, what do our swiss majors think about this? Pascal - Original Message - From: Pascal Gloor [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 16, 2003 1:22 PM Subject: Re: Verisign HOWTO http://www.hinterlands.org/ver/txt It's a 'How to

Re: [swinog] FYI [from nanog] use of DNS wildcards in TLD

2003-09-16 Thread Thomas Hug
On Tue, 16 Sep 2003 14:33, Matthias Leisi wrote: *.ch for Fredy is fine with me - and *.com and *.net for versign also. Because I will take .* Makes nice mail addresses: [EMAIL PROTECTED] ;-) another bad thing about this stupid idea is that the reject_unknown_sender_domain rules in the

[swinog] qmail dns fix for Versign Breakage

2003-09-16 Thread Andre Oppermann
I've written a patch to qmail's dns lookup routines to detect the wildcard responses from Verisign and convert it internally back into a NX_DOMAIN. I think the same dynamic strategy can also be used for Postfix and Sendwhale. -- read on here -- With Verisigns wildcard match for any

Re: [swinog] qmail dns fix for Versign Breakage

2003-09-16 Thread Pascal Gloor
I've written a patch to qmail's dns lookup routines to detect the wildcard responses from Verisign and convert it internally back into a NX_DOMAIN. I think the same dynamic strategy can also be used for Postfix and Sendwhale. This is good Andre, but it looks more like a patch (in its 1st

Re: [swinog] qmail dns fix for Versign Breakage

2003-09-16 Thread Andre Oppermann
Pascal Gloor wrote: I've written a patch to qmail's dns lookup routines to detect the wildcard responses from Verisign and convert it internally back into a NX_DOMAIN. I think the same dynamic strategy can also be used for Postfix and Sendwhale. This is good Andre, but it looks more

Re: [swinog] qmail dns fix for Versign Breakage

2003-09-16 Thread netbsd
I agree, I would say that we have to react first to avoid any beahviour that can pollute the Net anymore. I will also think about some patches this week end. then we can maybe find a more political solution. however the consequences of the versigin behaviour won't be politically discussed before

[swinog] Rate-Limiting ICMP

2003-09-16 Thread Fredy Kuenzler
We seem to experience quite a bit of ICMP DOS attacks. The come along in waves, which makes some devices within our backbone stumble and loosing packets. As ICMP should generally not be blocked, I'm thinking about rate limiting it on core routers. Any hints, links, suggestions? Thanks Fredy

Re: [swinog] Rate-Limiting ICMP

2003-09-16 Thread Lukas Beeler
* Fredy Kuenzler [EMAIL PROTECTED]: We seem to experience quite a bit of ICMP DOS attacks. The come along in waves, which makes some devices within our backbone stumble and loosing packets. DoS, or the well known nacchi worm? (Nacchi uses 92byte Packets exclusively, so it should be easy to

[swinog] our lovely dot com and dot net

2003-09-16 Thread Pascal Gloor
Some stuff I found around... --- http://www.washingtonpost.com/wp-dyn/articles/A996-2003Sep12.html ... The Internet Corporation for Assigned Names and Numbers (ICANN), which manages the Internet's addressing system and oversees

Re: [swinog] our lovely dot com and dot net

2003-09-16 Thread Matthias Leisi
PS: I've disabled resolutions match the wildcard TLD .com and .net in our dns caches. Will swiss majors follow this too? (you should ;)) Can you provide a recipe? I think this would save many hours of RTFM ,-) -- Matthias -- [EMAIL PROTECTED]