postfwd 1.10pre7c-1 has been accepted and did hit experimental yesterday.
If you using policyd-weight you might want to give it a try, since its active development stoped. If you are annoyed by too much spam, it maybe a good idea as well.
Please have a look on postfwd.cf, there is no default config provided, since the configuration depends heavily on your environment. But maybe you have a look at /usr/share/doc/postfwd/examples, there is what you expect.
If you have any comments, send a mail to the maintainer or if there are bugs I didn’t spotted yet, please fill one!
In case I don’t respond quit fast, maybe I’m in the delivery room or anywhere else in the hospital or something like that, so please give me some extra time.
In case there are no big issues, I plan to upload the package to unstable in a reasonable time.
Archive for the 'Computing' Category
Last week I noticed, that Kabel Deutschland, a cable provider in germany, returns for any non existing hosts “204.9.89.60″. It seems, thats it is rolled out since last fall. Even for DNSSEC enabled infrastructure it breaks it totally:
; <<>> DiG 9.3.4 <<>> +dnssec web.pixaco.se @83.169.184.161
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
web.pixaco.se. 0 IN A 204.9.89.60
Beside that, this behavour breaks the whole DNS, since many mechanism rely on a negative answer. The most visible effect for the users is, that when having a typo on surfing, he will forwarded to http://suche.kabeldeutschland.de/de.kde.assist/?domain=<domainyoutypedinyourprompt>. Since 204.9.88.0/21 is located at our transatlantic friends from US, there might be some problem with leaking privacy informations. I don’t feel happy, if I had a typo in my URL and getting listed for it on any terror list or providing the newest porno links to my american friends inside the organisations with the tree capitals.
All that for getting some extra money, but racing pricedumping for connectivity, this sucks a lot.
If you are a customer and feel pissed, you can send a friendly note to them:
Kabel Deutschland Vertrieb und Service GmbH & Co. KG
Beschwerdestelle
99116 Erfurt
kundenservice@kabeldeutschland.de
Fax: 01805299925
A quick and dirty workaround for dnsmasq maybe to add “bogus-nxdomain=204.9.89.60″ to your config file. This doesn’t fix the DNSSEC problem.
The problem also pops up at dns-operations and there are traces at google too.
After shutdown of the old L.ROOT-SERVERS.NET the IP address formerly associated with it, the IP continued to answere requests. More informations can be found at the ICANN Blog
UPDATE: Before bothering around, if you read the ICANN Blog, you realize that the issue was fixed very shortly. The whole problem is, that the file of the root DNS servers have to be keeped up to date. This issue should be fixed by operator of resolving nameservers (usually your ISP). A goody will be, to have this fixed by the next point release of debian, but it is NOT security critical.
Thanks Thijs for make me sensible that my article may misslead people who are not reading the referenced document.
UPDATE 2: A more technical description can also be found at Renesys Blog and a disussion how it is related to debian.
I’m off for vacation for just a week without any internet access (Oh my good, I will hate my inbox). This break will give me some time for my wife and my daughter before my second daughter will arrive in this world which is scheduled for mid june.
If there anything strange happen with my packages, just feel free for a 0day NMU.
Just after this week, I will attend to RIPE 56 where my latency will just a bit lower than normal.
