Plan 9 from Bell Labs’s /usr/web/sources/patch/applied/dnstcp-norecursion/notes

Copyright © 2021 Plan 9 Foundation.
Distributed under the MIT License.
Download the Plan 9 distribution.


Mon Apr 10 11:44:42 EDT 2006 rsc
Mon Apr 10 11:58:51 EDT 2006 rsc
    It's entirely possible that the spammer has control of
    a dns server and simply creates a name, sends the mail,
    and then deletes the name.  Easy enough and nothing you
    can do about it.
    
    That said, the norecursion flag is really just a clumsy
    hack around the fact that the Plan 9 dns server accepts
    glue records indiscriminately from anyone.
    
    See http://ketil.froyn.name/poison.html for a good 
    description and demonstration.
    
    cpu% ndb/dnsquery
    > bad.ketil.froyn.name ns
    bad.ketil.froyn.name ns	www.example.com
    > www.example.com ip
    www.example.com ip	217.144.230.29
    > ^D
    cpu% 
    
    That's wrong.  The www.example.com glue record
    in the bad.ketil.froyn.name ns lookup should have
    been ignored.
    
    I would be very happy if someone would fix this.
    
    Thanks.
    Russ


Bell Labs OSI certified Powered by Plan 9

(Return to Plan 9 Home Page)

Copyright © 2021 Plan 9 Foundation. All Rights Reserved.
Comments to [email protected].