How not to set up your DNS (part 11)

August 22, 2006

Presented in the traditional illustrated form:

; dig +short ns

This looks good, except for the fact that they all have the same IP address, You would think that a large Taiwanese ISP would be able to afford more than one DNS server, but perhaps they're too busy beefing up their network infrastructure to cope with the amount of spam their customers send. (At the moment Hinet is #4 on's list of the 10 worst spam service ISPs, with 53 listings.)

But it gets worse.

; dig +short a @

(Okay, perhaps they only have one IP for all their servers.)

; dig mx @
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 18296

The correct way for a DNS server to answer a query that it doesn't have any data for is with a response that contains no data. SERVFAIL causes other people to retry, instead of just going away. In this case it caused us to not accept email from an alleged '', because every attempt to look up the MX record for looked like a temporary failure to us.

Written on 22 August 2006.
« Link: Csh Programming Considered Harmful
An update on impending changes to access to Solaris patches »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Tue Aug 22 17:04:06 2006
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.