Well since the problem was reported on the windoze platform......... Thanks for the added info. (Sounds like you were bitten by windoze trying to 'help' as usual)
Rob :-) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorn Hass Sent: Tuesday, 23 May 2006 6:23 PM To: '[email protected]' Subject: [xmail] explaining fully qualified domains & domain suffixes. (Slightly long...) Just to expand on "Fully Qualified Domain Name": Each server, be it unix or windoze, can have so-called "search domains". i.e. your "home" domain. In windoze: Control Panel/ Network Connections/ <network>/ General/ Internet Protocol(TCP/IP)/ General/ Advanced/ DNS/ append these dns suffixes In unix: /etc/resolv.conf use search keyword. Now, which one was easier??? :) Let's assume you work for company xyz, with domain xyz.com. Adding this to domain suffixes, allows you to use server, instead of server.xyz.com. Makes life easier. The suffixes will then "qualify" it to server.xyz.com" However, it does not try server.com, unless you have .com as a suffix. However, now you have a server.abc.com.xyz.com. (development server for company abc, which you host locally off-line to prevent working on production platforms.) You want to get to server.abc.com, but keep ending up with servers.abc.com.xyz.com, as it adds the suffix... (This will be so by the way, only on Windoze, as unix deals with it differently... See my warning about windoze domain suffixes below...) So you "fully qualify" the name by using server.abc.com. (with the trailing dot), which tells the resolver that it's an absolute name, and will therefore not add any additional suffixes. This has the added benefit of preventing the server to look for x.x.x.x.dnsbl.com, not get an answer, and then try x.x.x.x.dnsbl.com.xyz.com as well... We know there is no such entry too, and let's not waste time, so the buck stops right there. Ok, now to the unix/windoze warning. Assuming we look for server.xyz.com, by typing in server. Search suffizes are xyz.com, abc.com. Unix does the following sequence: look for server -> not found. look for server.xyz.com -> found. Windoze: look for server.xyz.com -> found. Cool... so windoze works better! Wrong!!! Let's look for www.google.com. Unix: www.google.com -> found. Windoze: www.google.com.xyz.com -> not found. www.google.com.abc.com -> not found. www.google.com -> found... Using the example of server.xyz.com: Unix: server.abc.com -> found. Windoze: server.abc.com.xyz.com -> found... Oops... Hmmm... As we as normal internet users mostly do dns lookups outside our domains, this is a huge waste of lookups. Having had 5 suffixes in my machine, I have now narrowed them down to 0, because of the above issue... The inconvenience of having to use "server.abc.com.xyz.com", is minimal. Here we get to philosophy of not having subdomains like that anyway. Let's take "co.uk" as an arbitrary example. I register "co.za.co.uk". I then go and add a record for "company.co.za.co.uk" to my dns, which I am entitled to do... However, user has "co.uk" as a search suffix, want to get to "company.co.za". but keeps ending up with my site, as I have just "hijacked" his search path exploit... So, "bank.co.za.co.uk", here we come. Phishing is for amateurs... :) -- Best regards, Jorn mailto:[EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
