Verisign isn't alone
Rose, Bobby
brose at MED.WAYNE.EDU
Fri Sep 19 19:35:43 IST 2003
The latest version of Bind has a new delegation class to block this
junk. Check out http://www.imperialviolet.org/dnsfix.html for other
solutions.
-----Original Message-----
From: Tony Finch [mailto:dot at DOTAT.AT]
Sent: Friday, September 19, 2003 11:00 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Verisign isn't alone
Gerry Doris <gerry at DORFAM.CA> wrote:
>
>I thought that what Verisign did the other day with the .com and .net
>domains was a first. It seems like they are just joining the crowd.
>Here's a list of other TLD's that work the same way.
Your list isn't complete. I have a script which produces this:
194.205.62.122: .AC wildcard A record
206.253.214.102: .CC wildcard A record
206.191.159.103: .CC wildcard MX record
64.94.110.11: .COM wildcard A record
219.88.106.80: .CX wildcard A record
202.128.12.163: .MP wildcard A record
195.7.77.20: .MUSEUM wildcard A record
64.94.110.11: .NET wildcard A record
212.181.91.6: .NU wildcard A record
64.55.105.9: .NU wildcard A record
203.119.4.6: .PH wildcard A record
194.205.62.62: .SH wildcard A record
195.20.32.86: .TK wildcard A record
195.20.32.83: .TK wildcard A record
195.20.32.99: .TK wildcard MX record
194.205.62.42: .TM wildcard A record
216.35.187.246: .WS wildcard A record
216.35.187.251: .WS wildcard MX record
Tony.
--
f.a.n.finch <dot at dotat.at> http://dotat.at/
CROMARTY FORTH: SOUTHWESTERLY VEERING NORTHEASTERLY 4 OR 5, OCCASIONALLY
6 IN CROMARTY. RAIN OR SHOWERS. MODERATE OR GOOD.
#!/bin/sh -e
#
# Produce a list of addresses that should not be delivered to,
# because they are stupid top-level domain wildcard records.
#
# $Cambridge: hermes/exim/sbin/badtlds,v 1.5 2003/09/18 16:03:30 fanf2 Exp $
DATE=`date +%Y%m%d-%H%M%S`
PROBE=ucam-testing-for-broken-wildcard-records-$DATE
# whitespace regex stuff (space or tab; dig separates its fields with tabs)
TAB=`printf '\t'`
WS="[ $TAB]"
NWS="[^ $TAB]"
with_regexes () {
    local domain regex
    sed 'h;s/\./[.]/g;G;s/\n/ /' |
    while read regex domain
    do
        $* $domain $regex
    done
}
list_records () {
    local type domain regex
    type=$1 domain=$2 regex=$3
    dig $type $domain 2>/dev/null |
    sed "/^$regex$WS/!d
        /$WS$type$WS/!d
        s/.*$WS\($NWS$NWS*\)\$/\1/"
}
check_domain () {
    local domain regex
    domain=$PROBE.$1.
    regex=$PROBE[.]$2[.]
    list_records A $domain $regex |
    sed "s/.*/&: .$1 wildcard A record/"
    list_records MX $domain $regex |
    with_regexes list_records A |
    sed "s/.*/&: .$1 wildcard MX record/"
}
echo "# auto-generated by $0"
echo "# at $DATE"
echo "#"
# We use root server f (run by the good guys at the ISC) to get a list
# of top-level domains.
#
# We manually exclude the Vatican (VA) from the stupid list because
# their wildcard MXs include real MXs for their subdomains.
#
dig @f.root-servers.net. axfr . |
sed "/^\([A-Z][A-Z]*\)[.]\{0,1\}$WS.*/!d;s//\1/;/VA/d" |
sort -u |
with_regexes check_domain
# A list of 2LDs that should also be checked
#
cat <<-EOF | with_regexes check_domain
com.au
co.at
ac.at
ac.cn
com.cn
edu.cn
gov.cn
net.cn
org.cn
co.nz
co.uk
net.uk
EOF
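
An added example, not part of the original message or of the script above: one way a mail host could consume the generated list, by checking whether any address in a dig answer for a recipient domain is one of the listed wildcard addresses. The function names, the sample list and the dig answers are constructed for illustration, and only A answers are checked here (an MX lookup would need its target hosts resolved first).

```sh
#!/bin/sh
# Constructed sample of the list the script above emits (two entries copied
# from the output quoted in the message, plus its comment header).
BADLIST='# auto-generated by badtlds
#
64.94.110.11: .COM wildcard A record
195.20.32.99: .TK wildcard MX record'

# Constructed dig-style answer lines; the domain names are hypothetical.
TYPO_ANSWER='mistyped-recipient-domain.com. 900 IN A 64.94.110.11'
REAL_ANSWER='example.org. 300 IN A 192.0.2.10
example.org. 300 IN A 192.0.2.11'

# Print the rdata of every A record in dig output read from stdin,
# skipping dig's ";" comment lines.
answer_addrs () {
    awk '$1 !~ /^;/ && $3 == "IN" && $4 == "A" { print $5 }'
}

# wildcard_hit LIST: read dig output on stdin, print the LIST entry for each
# answer address found in LIST, and return 0 if at least one matched.
# (Plain sh has no local variables, so addrs/addr/entry/hit are global.)
wildcard_hit () {
    addrs=$(answer_addrs)
    hit=1
    for addr in $addrs
    do
        # Compare the whole address field, so that 64.94.110.1 does not
        # match the listed 64.94.110.11.
        entry=$(printf '%s\n' "$1" |
            awk -F': ' -v a="$addr" '$1 == a { print; exit }')
        if [ -n "$entry" ]; then
            printf '%s\n' "$entry"
            hit=0
        fi
    done
    return $hit
}

# Demonstration on the constructed answers.
if printf '%s\n' "$TYPO_ANSWER" | wildcard_hit "$BADLIST"; then
    echo "reject: domain resolves only through a TLD wildcard"
fi
if ! printf '%s\n' "$REAL_ANSWER" | wildcard_hit "$BADLIST"; then
    echo "accept: no wildcard address in the answer"
fi
```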