DNS, ISP stupidity, and DNSBLs
James Wilkinson
fedora at aprilcottage.co.uk
Fri Sep 25 21:15:21 UTC 2009
Bruno Wolff III wrote:
> That depends on your ISP. For some ISPs, using their cache is a bad thing.
> There are some ISPs, for example, that change TTLs and that can cause
> unexpected delays in propagation of updates. It's probably less likely
> now, but in the past cache poisoning was a problem and your ISP's cache
> may have bad data in it.
While you’re mentioning it…
Some ISPs also assume that their users only use the wider Internet to
“surf the web”. Therefore, any DNS lookups for other domains than their
own must be related to web browsing, and if the result is “no such
computer”, then they are free to return the IP address of a web server
designed to provide a “helpful search page”.
This breaks DNSBLs¹ (as used by many anti-spam packages) in a
particularly nasty way – *all* emails will be marked (and possibly
rejected) as spam. And since ISPs rarely tell their customers beforehand
that they are going to play such games, previously-working
configurations will suddenly break without warning.
So if you’re going to use DNSBLs (which can be very helpful for spam
filtering), you either need to really trust your ISP or run your own DNS
server.
James.
¹ DNS-based Black Lists (or Block Lists)
--
E-mail: james@ | ... more holes in Internet Explorer than Blackburn,
aprilcottage.co.uk | Lancashire...
| -- http://theinquirer.net/?article=17235
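The failure mode James describes can be detected before it poisons a mail filter. The following is an added example, not code from the original post: a DNSBL lookup that first checks whether the resolver it is given behaves honestly, using the test entries from RFC 5782 (127.0.0.2 must be listed, 127.0.0.1 must not) plus a random label that must return NXDOMAIN. A resolver that rewrites NXDOMAIN into a "search page" address fails those checks, and the filter skips the DNSBL rather than marking every message as spam. The zone name dnsbl.example, the addresses and the listing data are constructed for the demonstration; the two resolvers are simulated so the example runs offline.

```python
"""
Added example (not from the original mailing-list post): a DNSBL lookup that
detects an ISP resolver which answers NXDOMAIN with a "search page" address.

The DNSBL zone name, the IP addresses and the listing data are constructed for
the demonstration; the 127.0.0.2 / 127.0.0.1 test entries follow RFC 5782.
"""
import ipaddress
import secrets
from typing import Callable, Dict, Optional

# A resolver returns the A record for a name, or None for NXDOMAIN.
Resolver = Callable[[str], Optional[str]]

DNSBL_ZONE = "dnsbl.example"                        # hypothetical zone name
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # valid DNSBL answers (RFC 5782)


def dnsbl_name(ip: str, zone: str = DNSBL_ZONE) -> str:
    """Reverse the octets of an IPv4 address under the DNSBL zone."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone


def resolver_is_trustworthy(resolve: Resolver, zone: str = DNSBL_ZONE) -> bool:
    """RFC 5782 section 5 sanity checks: 127.0.0.2 must be listed, 127.0.0.1
    must not be. A resolver that rewrites NXDOMAIN fails the second check and
    the random-label check, so every sender would otherwise look 'listed'."""
    if resolve(dnsbl_name("127.0.0.2", zone)) is None:
        return False
    if resolve(dnsbl_name("127.0.0.1", zone)) is not None:
        return False
    # A random label that cannot be a reversed IPv4 address must be NXDOMAIN.
    probe = f"nx-{secrets.token_hex(8)}.{zone}"
    return resolve(probe) is None


def is_listed(ip: str, resolve: Resolver, zone: str = DNSBL_ZONE) -> Optional[bool]:
    """True if listed, False if not, None if the answer is not a valid DNSBL
    response (e.g. an ISP search-page address) and must not be acted on."""
    answer = resolve(dnsbl_name(ip, zone))
    if answer is None:
        return False
    if ipaddress.ip_address(answer) in LISTED_RANGE:
        return True
    return None


# --- constructed resolvers so the example runs offline ---------------------
_LISTINGS: Dict[str, str] = {
    dnsbl_name("127.0.0.2"): "127.0.0.2",    # RFC 5782 test entry
    dnsbl_name("203.0.113.7"): "127.0.0.2",  # constructed spam source (TEST-NET-3)
}


def honest_resolver(name: str) -> Optional[str]:
    """Returns the listing, or None (NXDOMAIN) for anything not listed."""
    return _LISTINGS.get(name)


def hijacking_resolver(name: str) -> Optional[str]:
    """Models the ISP behaviour in the post: NXDOMAIN becomes a web server."""
    answer = honest_resolver(name)
    return answer if answer is not None else "198.51.100.10"  # constructed search page


def classify(sender_ip: str, resolve: Resolver) -> str:
    """Decision for a mail filter: 'spam', 'ok', or 'skip' (resolver untrusted)."""
    if not resolver_is_trustworthy(resolve):
        return "skip"
    listed = is_listed(sender_ip, resolve)
    if listed is None:
        return "skip"
    return "spam" if listed else "ok"


if __name__ == "__main__":
    for label, r in (("honest", honest_resolver), ("hijacking", hijacking_resolver)):
        print(label, classify("203.0.113.7", r), classify("192.0.2.1", r))
```

With the honest resolver the constructed spam source is flagged and the clean sender passes; with the hijacking resolver the sanity checks fail and both lookups are skipped, which is the safe outcome. The same checks are worth running against a local resolver too, since that is the only way to notice the day an upstream starts rewriting NXDOMAIN.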