Blocking invalid DNS requests
Simon Waters
Simon at wretched.demon.co.uk
Thu Jun 28 08:44:42 UTC 2001
Andris Kalnozols wrote:
>
> 1) The site sending you mail has a broken DNS configuration.
> This can be something like an SOA record with "Administrator."
> in the RNAME field (common mistake with some Windows DNS
> implementations - the GUI doesn't catch this).
Actually the GUI encourages this. If you set up DNS on NT 4
using Microsoft DNS Manager and don't set the DNS domain of
the server before running DNS Manager, the GUI prompts you
for the e-mail address of a responsible user and the default
is "Administrator". (If the domain is set this is appended
automagically).
It is fairly easy for me to see how an administrator would
think "that looks good to me" and click okay assuming that
it will append relevant bits.
This was one of many mistakes at the site with the worst DNS
configuration I have ever seen, which goes to prove badly
designed GUI's are worse than none at all. It was
reinstalling one of these boxes that allowed me to spot why
this happens.
Okay ruthlessly off topic, but now you all know why it
happens.
More information about the bind-users
mailing list