Checking on DNS secondaries
Robert Hajime Lanning
lanning at lanning.cc
Mon May 23 12:15:49 PDT 2011
On 05/23/11 09:34, Rick Moen wrote:
> I'll see if I can whitelist your address at the SVLUG mailing list host:
> That sounds like it must be part of Marc Merlin's antispam setup, and
> I'm sorry about the Comcast-induced collateral damage. As I'm sure you
> appreciate, refusing mail to sites that ignore the RFC madates for
> postmaster[1] and abuse [2] cuts out an overwhelming percentage of
> spambot mail at SMTP time. The pity of it is, Comcast must have gone
> out of their way to disable that function, as MTAs have
> default-supported incoming mail to both postmaster@ and abuse@ for some
> time, now.
>
> (I assume you're talking about sending address lanning at lanning.cc .
> If not, please advise. I have, I believe, now exempted that sender from
> callback checks.)
Yes "lanning at lanning.cc".
Thanks.
>> I run the script below (that I originally created to monitor slave
>> replication.) It can be run via cron to give you a daily/weekly report.
>> http://lanning.cc/pub/dnscheckserial
>>
>> And this was to check DNS GTM consistency:
>> http://lanning.cc/pub/dnscheck
>
> Nice work, Robert. FYI, the latter script breaks if the FQDN used as
> argument is an unqualified second-level domain. E.g., it yields
> false-positive 'NXDOMAIN'results on linuxmafia.com, but correct-IP ones
> if one uses the equivalent FQDN www.linuxmafia.com.
>
> You will probably find that your script breaks if it encounters some of
> the 'dig' results other than success or NXDOMAIN. In particular, I
> noticed that, if the tested nameserver is returning 'status: REFUSED' in
> the options section, then any dig query with the '+short' flag retnrns a
> null result (with, IIRC, value = 9).
>
hrm... I will have to look into these other failure modes.
--
END OF LINE
--MCP
More information about the Baylisa
mailing list