Verisign isn't alone
Tony Finch
dot at DOTAT.AT
Fri Sep 19 16:00:18 IST 2003
Gerry Doris <gerry at DORFAM.CA> wrote:
>
>I thought that what Verisign did the other day with the .com and .net
>domains was a first. It seems like they are just joining the crowd.
>Here's a list of other TLD's that work the same way.
Your list isn't complete. I have a script which produces this:
194.205.62.122: .AC wildcard A record
206.253.214.102: .CC wildcard A record
206.191.159.103: .CC wildcard MX record
64.94.110.11: .COM wildcard A record
219.88.106.80: .CX wildcard A record
202.128.12.163: .MP wildcard A record
195.7.77.20: .MUSEUM wildcard A record
64.94.110.11: .NET wildcard A record
212.181.91.6: .NU wildcard A record
64.55.105.9: .NU wildcard A record
203.119.4.6: .PH wildcard A record
194.205.62.62: .SH wildcard A record
195.20.32.86: .TK wildcard A record
195.20.32.83: .TK wildcard A record
195.20.32.99: .TK wildcard MX record
194.205.62.42: .TM wildcard A record
216.35.187.246: .WS wildcard A record
216.35.187.251: .WS wildcard MX record
Tony.
--
f.a.n.finch <dot at dotat.at> http://dotat.at/
CROMARTY FORTH: SOUTHWESTERLY VEERING NORTHEASTERLY 4 OR 5, OCCASIONALLY 6 IN
CROMARTY. RAIN OR SHOWERS. MODERATE OR GOOD.
#!/bin/sh -e
#
# Produce a list of addresses that should not be delivered to,
# because they are stupid top-level domain wildcard records.
#
# $Cambridge: hermes/exim/sbin/badtlds,v 1.5 2003/09/18 16:03:30 fanf2 Exp $
DATE=`date +%Y%m%d-%H%M%S`
PROBE=ucam-testing-for-broken-wildcard-records-$DATE
# whitespace regex stuff
WS='[ ]'
NWS='[^ ]'
with_regexes () {
local domain regex
sed 'h;s/\./[.]/g;G;s/\n/ /' |
while read regex domain
do
$* $domain $regex
done
}
list_records () {
local type domain regex
type=$1 domain=$2 regex=$3
dig $type $domain 2>/dev/null |
sed "/^$regex$WS/!d
/$WS$type$WS/!d
s/.*$WS\($NWS$NWS*\)\$/\1/"
}
check_domain () {
local domain regex
domain=$PROBE.$1.
regex=$PROBE[.]$2[.]
list_records A $domain $regex |
sed "s/.*/&: .$1 wildcard A record/"
list_records MX $domain $regex |
with_regexes list_records A |
sed "s/.*/&: .$1 wildcard MX record/"
}
echo "# auto-generated by $0"
echo "# at $DATE"
echo "#"
# We use root server f (run by the good guys at the ISC) to get a list
# of top-level domains.
#
# We manually exclude the Vatican (VA) from the stupid list because
# their wildcard MXs include real MXs for their subdomains.
#
dig @f.root-servers.net. axfr . |
sed "/^\([A-Z][A-Z]*\)[.]\{0,1\}$WS.*/!d;s//\1/;/VA/d" |
sort -u |
with_regexes check_domain
# A list of 2LDs that should also be checked
#
cat <<-EOF | with_regexes check_domain
com.au
co.at
ac.at
ac.cn
com.cn
edu.cn
gov.cn
net.cn
org.cn
co.nz
co.uk
net.uk
EOF
More information about the MailScanner
mailing list