Re: Weird "Host not found" error

From: Travis H. (travis+ml-postfixsubspacefield.org)
Date: Sun Jan 21 2007 - 18:43:04 CST


On Sun, Jan 21, 2007 at 12:45:56AM -0500, Victor Duchovni wrote:
> It's a bug. And nameservers DO respond from the right IP,

Most do, no question there.

> the ones that don't

Ah, so some don't, after all!

> really don't work anymore, their responses are blocked by stateful
> firewalls, and should be ignored by security minded resolvers (despite
> the RFC).

I agree that it's trivia, that those servers can be ignored,
and tolerating this behavior is bad for security. But it could
cause problems like this if one resolver is behind a stateful
firewall and one isn't.

> > I assume this has to do with the way recv(2) and send(2) were
> > implemented in the socket API, but my OS states that recv(2) is
> > normally used only on a connected socket.
>
> No, it has to do with UDP applications that were not written with
> multi-homed hosts in mind and don't bind to each interface separately.

Same thing as I was getting at; the fact that UDP is not connected
means that you can't send a reply out to the original request from
the same socket because UDP doesn't assume a request/reply, so it
doesn't hold any state around that you could use to assure the same
IP.
--
``Unthinking respect for authority is the greatest enemy of truth.''
-- Albert Einstein -><- <URL:http://www.subspacefield.org/~travis/>

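The check discussed in this message, as an added example that is not part of the original thread: a resolver accepts a UDP reply only when it comes from the address and port it queried, and drops anything else. The function names, the IPv4-only handling and the loopback scenario (two ports on 127.0.0.1 standing in for the two addresses of a multi-homed server) are assumptions made for the demonstration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* 1 if the datagram came from the exact IPv4 address and port we queried. */
int reply_source_ok(const struct sockaddr_in *queried, const struct sockaddr_in *from) {
    return from->sin_family == AF_INET && from->sin_port == queried->sin_port &&
           from->sin_addr.s_addr == queried->sin_addr.s_addr;
}

/* Wait for a reply from `queried`; drop and count others. -1 on timeout/error. */
ssize_t recv_reply(int fd, const struct sockaddr_in *queried, char *buf, size_t len, int *dropped) {
    for (;;) {
        struct sockaddr_in from;
        socklen_t flen = sizeof from;
        ssize_t n = recvfrom(fd, buf, len, 0, (struct sockaddr *)&from, &flen);
        if (n < 0) return -1;
        if (reply_source_ok(queried, &from)) return n;
        ++*dropped;
    }
}

/* Demo helper: UDP socket on 127.0.0.1, ephemeral port, 2 s receive timeout. */
static int bound_socket(struct sockaddr_in *a) {
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    *a = (struct sockaddr_in){.sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK)};
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &(struct timeval){2, 0}, sizeof(struct timeval));
    bind(fd, (struct sockaddr *)a, sizeof *a);
    getsockname(fd, (struct sockaddr *)a, &(socklen_t){sizeof *a});
    return fd;
}

/* Constructed scenario: query goes to `good`, `other` answers first. Returns drops or -1. */
int demo(void) {
    struct sockaddr_in ca, ga, oa;
    int c = bound_socket(&ca), good = bound_socket(&ga), other = bound_socket(&oa), dropped = 0;
    char buf[64];
    sendto(c, "query", 5, 0, (struct sockaddr *)&ga, sizeof ga);
    sendto(other, "wrong-src", 9, 0, (struct sockaddr *)&ca, sizeof ca);
    sendto(good, "answer", 6, 0, (struct sockaddr *)&ca, sizeof ca);
    ssize_t n = recv_reply(c, &ga, buf, sizeof buf, &dropped);
    close(c); close(good); close(other);
    return (n == 6 && memcmp(buf, "answer", 6) == 0) ? dropped : -1;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

Calling connect(2) on the UDP socket before sending makes the kernel apply the same source filter, after which plain send(2) and recv(2) can be used.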