DNS queries to blocked countries?
Jeff Lightner
jlightner at water.com
Sat Jun 23 17:47:14 UTC 2007
Apparently you missed my admonition to NOT tell me to unblock the
countries.
Not only that you apparently didn't read the rest of my post or the
several responses that DID attempt to address the question as I outlined
it. Restated I'm not asking IF a country should be blocked but rather
if there is any way to get around it via DNS if it is. It hardly helps
me to tell me YOUR servers don't block it. I already knew it was
something internal to our security setup here. Also I mentioned whois
only because it was my first check after seeing failed email - you
apparently missed my mention of dig +trace for DNS that confirmed the
issue for DNS.
P.S. Why send twice?
-----Original Message-----
From: Danny Mayer [mailto:mayer at ntp.isc.org]
Sent: Saturday, June 23, 2007 10:25 AM
To: Jeff Lightner
Cc: bind-users at isc.org
Subject: Re: DNS queries to blocked countries?
Jeff Lightner wrote:
> OK I know this sounds like a stupid question but figured I'd ask
anyway.
> We currently have customers who have signed up to get email from us.
> However, the MX record won't resolve because the primary DNS for the
> customers is in a country we block inbound/outbound. Essentially
the
> dig +trace and whois both stop at the point the root servers hand off
to
> servers in those remote countries.
>
> An example would be "Samsung.com". Although the user is actually in
> the U.S., Samsung is a South Korean company. Due to this we can't get
> the MX record which may or may not point to a U.S. server. I'm
> wondering if there is any way I can setup things so the resolution for
> countries we block is reported back by some other server that would be
> U.S. based that doesn't block these countries?
Since Samsung is a *South* Korean company why would it be blocked? I
have no problem getting it's MX record and the IP address associated
with it. Why would your company block those addresses? Do they not want
to conduct business? Note that whois does NOT use root servers or
anything else. It's a self-contained system and is only used by the
registries.
Danny
More information about the bind-users
mailing list