[Pdns-users] uribl question

Peter van Dijk peter.van.dijk at netherlabs.nl
Fri May 30 05:25:39 UTC 2014


Hello Curtis,

On 28 May 2014, at 14:27 , Curtis Maurand <curtis at maurand.com> wrote:

> May 28 07:17:40 crucifer pdns[1286]: Received a malformed qdomain from 68.233.237.36, 'h%20omewp.com.multi.surbl.org': sending servfail
> 
> I'm wondering if, in a case like this, the servfail would allow the spam to get through since the query would not return a valid IP address (127.0.0.0, 127.0.0.1, 127.0.0.2...etc).
> 
> Any thoughts?

The Authoritative server indeed limits the characters accepted in a query, even when forwarding to a recursor (one could consider this a bug).

Whether this allows the spam through depends on how your client deals with SERVFAIL, but either way this is a problem.

In general, we do not recommend forwarding recursing queries via the authoritative server, for various reasons, including this one, and also performance reasons. Especially in high-traffic situations like RBL lookups, we strongly recommend having your clients talk to the recursor directly.

If, when talking to the recursor directly, you still have issues, we will be happy to work those out.

Kind regards,
-- 
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
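
The client-side handling the reply refers to, as an added example that is not part of the original post and is not PowerDNS or SURBL code: the host is checked before it is ever sent as a query, and SERVFAIL is kept distinct from "not listed" so the fail-open or fail-closed choice is explicit. The function names, the `resolve` callback, the `defer` policy value and the rule that any 127.x answer means "listed" are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Letters, digits and hyphen only, no leading or trailing hyphen (assumed to be
# the character set a strict server accepts in a query name).
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def build_qname(raw_host, zone="multi.surbl.org"):
    """Return the URIBL lookup name for raw_host, or None if it is not a hostname."""
    host = unquote(raw_host).strip().rstrip(".").lower()
    labels = host.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(label) for label in labels):
        return None
    qname = f"{host}.{zone}"
    return qname if len(qname) <= 253 else None

def classify(rcode, answers):
    """Map a DNS response to LISTED, CLEAN or ERROR."""
    if rcode == "NOERROR" and any(a.startswith("127.") for a in answers):
        return "LISTED"
    if rcode == "NXDOMAIN" or (rcode == "NOERROR" and not answers):
        return "CLEAN"
    # SERVFAIL, REFUSED, timeouts and unexpected non-127.x answers land here:
    # the list gave no verdict, which is not the same as "not listed".
    return "ERROR"

def verdict(raw_host, resolve, on_error="defer"):
    """Decide what to do with a message containing raw_host.

    resolve(qname) is a hypothetical callback returning (rcode, [addresses]).
    on_error="accept" is fail-open, "defer" asks the sender to retry later.
    """
    qname = build_qname(raw_host)
    if qname is None:
        # A malformed host never reaches DNS, so it cannot trigger SERVFAIL;
        # it is reported as its own signal for the filter to score.
        return "suspicious-url"
    state = classify(*resolve(qname))
    return {"LISTED": "reject", "CLEAN": "accept", "ERROR": on_error}[state]

if __name__ == "__main__":
    # Constructed responses standing in for a real resolver.
    servfail = lambda qname: ("SERVFAIL", [])
    print(verdict("h%20omewp.com", servfail))            # host from the log line
    print(verdict("example.com", servfail))              # default policy
    print(verdict("example.com", servfail, "accept"))    # fail-open policy
```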
