Yahoo Groups archive

Milter-greylist

Re: [milter-greylist] Submitter DNS name resolution and forgery detection

2013-08-05 by Jim Klimov

Interesting off-topic came up today... I wonder if name resolution
(via res_nquery()) can fall back to file-based nsswitch as well, or
if it just resolves its host's own name, at least on Solaris?

Today there is a problem with LAN DNS (not available), and the internet
DNS apparently does and should not know names for private IP addresses.
Still, I see the host's own names resolved (yes, not calling greylist
for $self at all - is on the menu):

Aug  5 13:41:59 ucs milter-greylist: [ID 471652 mail.debug] Incoming connection from host '[10.0.16.60]'
Aug  5 13:41:59 ucs milter-greylist: [ID 308029 mail.debug] Got an unresolved host name [10.0.16.60], will try to resolve
Aug  5 13:41:59 ucs milter-greylist: [ID 682236 mail.debug] Requesting PTR entry for 60.16.0.10.in-addr.arpa.
Aug  5 13:41:59 ucs milter-greylist: [ID 646443 mail.debug] Got name 'ucs.domain.com' (1)
Aug  5 13:41:59 ucs milter-greylist: [ID 779078 mail.debug] User jimklimov@... authenticated, bypassing greylisting
Aug  5 13:41:59 ucs milter-greylist: [ID 703198 mail.debug] 0MR100I02XLZW500: addr = ucs.domain.com[10.0.16.60], from = <jimklimov@...>, rcpt = <jim@...>


# nslookup 60.16.0.10.in-addr.arpa. 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find 60.16.0.10.in-addr.arpa.: NXDOMAIN


# nslookup 10.0.16.60 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
60.16.0.10.in-addr.arpa name = ucs.domain.com.

Authoritative answers can be found from:

# nslookup -q=ptr 60.16.0.10.in-addr.arpa. 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
60.16.0.10.in-addr.arpa name = ucs.domain.com.

Authoritative answers can be found from:


I am pretty sure that the name-service clients were restarted recently
and the name should not be cached from previous DNS replies... Still,
interesting :)

Other names, including local zones on same machine also with entries
in the /etc/hosts file, are not resolved this way...


# nslookup -q=ptr 61.16.0.10.in-addr.arpa. 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find 61.16.0.10.in-addr.arpa.: NXDOMAIN


So... here's a random bit of experience to contemplate ;)

HTH,
//Jim
