Tag: DNS

  • Bellsouth/ AT&T mail problems

    I would dare say there are more than a couple people “out there” right now that are puzzled as to WHY some of their mail is bouncing back to them as being rejected. Right now I’m talking about Bellsouth / AT&T mail users. It appears that this week AT&T is in the process of transitioning its outbound mail relays to a new address block, 207.115.11.51 – 207.115.11.56; the names of these machines are fmailhost01.isp.att.net – fmailhost06.isp.att.net. Yesterday I noticed 4/5/6 had been moved; today 3 has been moved over, and I noticed only because a test message that I RUN through a (formerly) bellsouth system bounced back and made it through…. The problem is that the address space AT&T is making use of used to be in the dial-up block of their service, and SEVERAL online blacklists have not been notified of the change. It is not possible for an end user to FIX this problem; AT&T technicians need to contact http://www.au.sorbs.net/ (SORBS), among other locations, to help their customers. The only thing techs in control of individual mailservers can do is whitelist the new AT&T addresses. (Well, you could disable whitelisting altogether, but that would probably be a big HELLO SPAM.)

    It may be an even murkier situation – they may be using BOTH sets of IP addresses (old and new) for the time being. Here are two log entries that would seem to confirm that:

    Jul 25 16:47:09 xxxxx postfix/smtpd[7812]: disconnect from fmailhost03.isp.att.net[207.115.11.53]
    Jul 25 16:47:09 xxxxx postfix/smtpd[7812]: connect from fmailhost03.isp.att.net[204.127.217.103]

    Strange… They may have some scheme to help work around this – because the connect from the 204. address immediately followed a DNS block of the connect from the 207 range address.

  • Handy DNS tools online

    There are some tools that I make use of almost daily, either because something strikes my curiosity or because of the necessity to find out a bit more about a computer issue. DNS lookup tools fall into the category of “must have” for the kind of stuff I wind up doing, whether it’s a whois lookup to see who is a contact for a given domain, looking to see when a domain expires, or just looking up reverse DNS information to find out where the machine is located that’s been trying to enter the ssh server. Of course, spam blacklist lookups are handy too. I’m adding a few links to the sidebar for some of the more useful of these…


  • Is something up with ordb.org?

    I’ve noticed several times in the last week that a server of mine that is using postfix has rejected messages due to a failure in the lookup at relays.ordb.org. At first, I thought this was just a false positive in the database at ordb, but this morning I finally “caught it” while it was happening and went to pull up the ordb.org web page. It took 30-45 seconds, and then doing a search on the rejected IP took another stretch. In looking at the logs, it appears that there may be blanket rejections if the ordb.org check times out.

    Here’s the postfix config setting….
    smtpd_client_restrictions = permit_mynetworks,reject_rbl_client relays.ordb.org


  • Using DNS servers other than your ISP’s

    As I mentioned earlier, Bellsouth seemed to be in the midst of a big DNS meltdown when I got up this morning. I spent some time getting various Bellsouth customers “worked around” the issue by setting up an alternate DNS server for them. For starters, DNS translates addresses like google.com into numbers (like 72.14.207.99). Think of it as a telephone directory lookup service: you can’t pick up a phone and punch in the letters of someone’s name to call them; you have to dial a number, and first you have to see what the number is. In networking, the computer does the DNS lookup for you when you type google.com in your browser bar (or when the browser tries to load its home page, for instance).


  • Major Bellsouth DNS issues

    This morning, I’m noticing some of the machines I monitor having big DNS problems. It seems to be Bellsouth.net’s DNS servers gone sideways – none seem to respond. On one network in particular we’re having trouble getting a secondary (outside network) DNS server to respond. From outside the Bellsouth network things seem fine though. As usual, dslreports is a good place to check if others are having the same issue. It appears as though this issue is affecting ALL of Bellsouth’s network and has been since at the latest 11:30PM last night (the 16th of October).


  • Firewall musings…

    Yesterday I had a bit of a realization. I had just been looking at a wireless router/firewall setup and was thinking about the firewalling rules (which seemed to be geared at the WIRELESS LAN, i.e. blocking that activity on the wireless segment). You know, traditionally firewalls have had the attitude of defending the internal network from the outside. Of course, these days firewalls sometimes protect the internal network from a WLAN (wireless segment) as well. But I put a few events together and started looking for a new feature in a firewall.


  • Using ssh to protect web browsing over wireless or other hostile networks

    This really could be used to encrypt web traffic over any “hostile” network. Here’s what I’m talking about: a laptop using wireless. Within our internal network we would LIKE all our web traffic to be encrypted at least from the laptop to a wired host. (From there to the outside world it will be open.) At the minimum we would like to have the traffic encrypted over the wireless leg of the journey. Here are the most straightforward approaches using ssh.


  • Florida leads in Sony Rootkit infections….

    According to the securityfix, Florida leads the nation in the number of networks with signs of computers infested with the Sony rootkit. In total, 12,588 networks in Florida seem to have computers with the rootkit. Now, these numbers could reflect as few as one machine per network….


  • Hexblog (WMF unofficial patch) back up

    Yesterday the hexblog, which is the site of the person that wrote the unofficial patch for the WMF exploit, was offline for bandwidth overuse. Several mirror sites popped up to host the patch. Today the site is back up at http://www.hexblog.com/ in a more minimal form. It’s suggested that if you can’t reach the page you try the IP address directly, http://216.227.222.95, as the DNS changes are likely still propagating.

  • Handy Online Network Tools

    Most of the time when I need to do a dig or whois or traceroute, I’m at a machine where I can use a good command line version of these essential network utilities. However, there are always times when you’re at a PC or in a situation that is either missing some of those, or you’d rather not run the utility on the machine for other reasons. Fortunately, many of these can be found online. For a long time, I’ve kept SamSpade.org in the back of my mind as a good utility address. There you’ll find whois lookups, reverse IP -> domain lookups, traceroutes, etc. One thing I didn’t find on the page, though, was dig…
