still getting DNS poisioning I think - some spam appearing from sites which appear to have domains when the spam arrives but which has disappeared when I look later. Iven if I am missunderstanding the problem this is a more complete fix. Notes: Mon Apr 10 11:44:42 EDT 2006 rsc Mon Apr 10 11:58:51 EDT 2006 rsc It's entirely possible that the spammer has control of a dns server and simply creates a name, sends the mail, and then deletes the name. Easy enough and nothing you can do about it. That said, the norecursion flag is really just a clumsy hack around the fact that the Plan 9 dns server accepts glue records indiscriminately from anyone. See http://ketil.froyn.name/poison.html for a good description and demonstration. cpu% ndb/dnsquery > bad.ketil.froyn.name ns bad.ketil.froyn.name ns www.example.com > www.example.com ip www.example.com ip 217.144.230.29 > ^D cpu% That's wrong. The www.example.com glue record in the bad.ketil.froyn.name ns lookup should have been ignored. I would be very happy if someone would fix this. Thanks. Russ Reference: /n/sources/patch/applied/dnstcp-norecursion Date: Sun Apr 9 20:52:27 CES 2006 Signed-off-by: steve@quintile.net Reviewed-by: rsc --- /sys/src/cmd/ndb/dnstcp.c Sun Apr 9 20:50:55 2006 +++ /sys/src/cmd/ndb/dnstcp.c Sun Apr 9 20:50:52 2006 @@ -31,6 +31,13 @@ static void refreshmain(char*); void +usage(void) +{ + fprint(2, "usage: %s [-rR] [-f ndb-file] [-x netmtpt]\n", argv0); + exits("usage"); +} + +void main(int argc, char *argv[]) { int len; @@ -42,6 +49,9 @@ char *ext = ""; ARGBEGIN{ + case 'R': + norecursion = 1; + break; case 'd': debug++; break; @@ -54,6 +64,9 @@ case 'x': ext = ARGF(); break; + default: + usage(); + break; }ARGEND if(debug < 2) @@ -234,10 +247,12 @@ memset(repp, 0, sizeof(*repp)); repp->id = reqp->id; - repp->flags = Fauth | Fresp | Fcanrec | Oquery; repp->qd = reqp->qd; reqp->qd = reqp->qd->next; repp->qd->next = 0; + repp->flags = Fauth | Fresp | Oquery; + if(!norecursion) + repp->flags |= Fcanrec; dp = repp->qd->owner; /* send the soa */