On 6 Feb 2006, at 13:34, Philip Hazel wrote:
> The reason for the existence of dns_check_names_pattern is that some
> resolvers give (gave?) temporary errors instead of "no such record"
> when
> presented with a name containing "strange" characters. There shouldn't
> actually be a need for dns_check_names_pattern.
this is enough for me to put
dns_check_names_pattern =
as my resolver (tested with dig)
returns NXDOMAIN. I am not sure this will be a guarantee of any sort,
as the temporary
error might sneak in from another server if the character is legal
but does confuse the target
server.
Atch, I though I would test this against microsoft so I typed:
dig p/d.microstoft.com
;; QUESTION SECTION:
;p/d.microstoft.com. IN A
;; ANSWER SECTION:
p/d.microstoft.com. 3600 IN A 64.49.213.238
what the...? (you'll find that it's just a wildcard record.)
With dns_check_names_pattern my ACL works as expected. Now it's just
a question of
waiting for some more spam to get that far...
g
