From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: From: erik quanstrom Date: Tue, 14 Aug 2007 12:55:03 -0400 To: 9fans@cse.psu.edu Subject: Re: [9fans] lsub.org In-Reply-To: <69fa321f47f8cfccff49107b70a28520@plan9.bell-labs.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Topicbox-Message-UUID: a90c7df6-ead2-11e9-9d60-3106f5b1d025 on the dns front, i've found that some spam senders are arranging things so that the guys doing reverse-lookup validataion will get 192.168 or 10. addresses. for some reason arin doesn't return an address for a query on 10.in-addr.arpa or 168.192.in-addr.arpa, so dns will loop from the top and never time out. this doesn't fix the problem, but it will stop these kinds of queries in their tracks. add to /lib/ndb/$myrecursiveserver: # # spam defense. unfortunately, arin doesn't give negative # rcodes for these non-routable addresses. we'll do it for # them # dom=168.192.in-addr.arpa soa= refresh=3600 ttl=3600 ns=ns1.MY.DOM ns=ns2.MY.DOM dom=10.in-addr.arpa soa= refresh=3600 ttl=3600 ns=ns1.MY.DOM ns=ns2.MY.DOM - erik