[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] RMX & DNS: double advantage

To: wayne <wayne@midwestcs.com>
Subject: Re: [Asrg] RMX & DNS: double advantage
From: Hadmut Danisch <hadmut@danisch.de>
Date: Fri, 7 Mar 2003 19:26:41 +0100
Cc: Asrg@ietf.org
In-reply-to: <x4heafcew4.fsf@footbone.midwestcs.com>
List-archive: <https://www1.ietf.org/pipermail/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <20030307094119.GA2821@danisch.de> <x4heafcew4.fsf@footbone.midwestcs.com>
Sender: asrg-admin@ietf.org
User-agent: Mutt/1.4i

On Fri, Mar 07, 2003 at 10:36:43AM -0600, wayne wrote:
> 
> It should be pointed out that DNSBLs, including domain specific
> DNSBLs, use the *absence* of an A record as an indication that IP
> address is ok.  Negative DNS responses are generally not cached
> anywhere near as log as positive results.  I do not know if this was a
> design decision on the part of DNSBLs, or just a result of it being
> easier to create that way.


Both presence and absence of a record can be spoofed. Presence
is spoofed by the fake record itself, absence by a bogus CNAME.

regards
Hadmut
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

References:
- [Asrg] RMX & DNS: double advantage
  - From: Hadmut Danisch
- Re: [Asrg] RMX & DNS: double advantage
  - From: wayne

Prev by Date: Re: [Asrg] filtering at connect time
Next by Date: Re: [Asrg] Spam detection system proposal
Previous by thread: Re: [Asrg] RMX & DNS: double advantage
Next by thread: [Asrg] Stamps
Index(es):
- Date
- Thread