Here are a few scenarios you may want to consider.

There seems to be a wide variety of responses you can get back when
trying to get long or multiple DNS TXT records -- especially through a
NAT router where you're forwarding port 25 onto an internal mail server.
The machines behind the routers below are getting DNS from the routers,
which proxy normal UDP DNS requests (not TCP, and sometimes not TXT
requests) to their upstream name servers (obtained by DHCP).

(1) Machine behind router #1:

$ host -t txt aol.com
;; connection timed out; no servers could be reached

(2) Machine behind router #2:

$ host -t txt aol.com
;; Truncated, retrying in TCP mode.
;; Connection to 192.168.0.1#53(192.168.0.1) for aol.com failed: connection 
refused.

(3) Machine behind router #3:

$ host -t txt aol.com
aol.com descriptive text "spf2.0/pra ip4:152.163.225.0/24 ip4:205.188.139.0/24 
ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24 
ip4:64.12.136.0/23 ip4:64.12.138.0/24 ip4:64.12.143.99/32 ip4:64.12.143.100/32 
ip4:64.12.143.101/32 ptr:mx.aol.com ?all"

$ host -t txt aol.com
aol.com descriptive text "v=spf1 ip4:152.163.225.0/24 ip4:205.188.139.0/24 
ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24 
ip4:64.12.136.0/23 ip4:64.12.138.0/24 ip4:64.12.143.99/32 ip4:64.12.143.100/32 
ip4:64.12.143.101/32 ptr:mx.aol.com ?all"

Notice that it randomly gets one or the other of the two possible TXT
records without any errors, but it never gets both.

(4) Machine with direct connection (no NAT router):

[EMAIL PROTECTED]:/etc/postfix$ host -t txt aol.com
;; Warning: Message parser reports malformed message packet.
;; Truncated, retrying in TCP mode.
aol.com descriptive text "v=spf1 ip4:152.163.225.0/24 ip4:205.188.139.0/24 
ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24 
ip4:64.12.136.0/23 ip4:64.12.138.0/24 ip4:64.12.143.99/32 ip4:64.12.143.100/32 
ip4:64.12.143.101/32 ptr:mx.aol.com ?all"
aol.com descriptive text "spf2.0/pra ip4:152.163.225.0/24 ip4:205.188.139.0/24 
ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24 
ip4:64.12.136.0/23 ip4:64.12.138.0/24 ip4:64.12.143.99/32 ip4:64.12.143.100/32 
ip4:64.12.143.101/32 ptr:mx.aol.com ?all"

That's the one at Hostway with the "malformed" response which started
all this. It seems as more things get stuffed into the DNS TXT records,
this could become more of a problem.

Thanks,
John

-- 
python-policyd-spf failing on AOL SPF records.
https://bugs.launchpad.net/bugs/205254
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
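
Added example (not part of the original message, and not code from python-policyd-spf): Python that reads the truncation (TC) bit and the TXT record set from raw DNS replies and sorts a resolver into the behaviours listed in the message above. The replies are constructed for example.org; the function names and result labels are assumptions of this example.

```python
import struct

TC = 0x0200  # truncation bit in the DNS header flags word

def build_response(txts, truncated=False):
    """Constructed sample TXT reply for example.org; RDATA split into <=255-byte strings."""
    flags = 0x8180 | (TC if truncated else 0)
    pkt = struct.pack("!HHHHHH", 0x1234, flags, 1, len(txts), 0, 0)
    pkt += b"\x07example\x03org\x00" + struct.pack("!HH", 16, 1)  # question: TXT IN
    for txt in txts:
        data = txt.encode()
        rdata = b"".join(bytes([len(data[i:i + 255])]) + data[i:i + 255]
                         for i in range(0, len(data), 255))
        pkt += b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata
    return pkt

def skip_name(pkt, off):  # advance past a (possibly compressed) domain name
    while pkt[off] and pkt[off] & 0xC0 != 0xC0:
        off += 1 + pkt[off]
    return off + (2 if pkt[off] else 1)

def parse_txt(pkt):
    """Return (truncated, frozenset of TXT strings) for one response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    if flags & TC:
        return True, frozenset()       # body is incomplete; do not trust it
    off, txts = 12, set()
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        rdata, off = pkt[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 16:                # TXT: join its character-strings
            text, i = b"", 0
            while i < len(rdata):
                text += rdata[i + 1:i + 1 + rdata[i]]
                i += 1 + rdata[i]
            txts.add(text.decode())
    return False, frozenset(txts)

def diagnose(udp_replies, tcp_reachable):
    """Classify a resolver from repeated UDP replies to one TXT query."""
    if not udp_replies:
        return "no-answer"             # case 1: the query times out
    parsed = [parse_txt(p) for p in udp_replies]
    if any(tc for tc, _ in parsed):    # cases 2 and 4: the answer needs TCP
        return "complete-via-tcp" if tcp_reachable else "tcp-refused"
    return "partial-rrset" if len({t for _, t in parsed}) > 1 else "consistent"
```

A "partial-rrset" result corresponds to case 3: no truncation is signalled, yet repeated queries return different subsets, so an SPF checker cannot tell from a single reply that a record is missing.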
