Tag Archives: dns

Net_DNS2 v1.4.4 – Bugfixes and Updates for PHP 7.2

I’ve released version 1.4.4 of the PEAR Net_DNS2 library- this release is primarily just bug fixes.

You can install it now through the command line PEAR installer:

pear install Net_DNS2

Or, you can also add it to your project using composer:

composer require pear/net_dns2

Version 1.4.4

  • Bugfix when returning an empty bitmap-type in BitMap.php – patch from BugMaster510945.
  • Added the BIND 9 private record RR (TYPE65534) – patch from BugMaster510945.
  • Added DNSSEC algorithms 13-16 (ECDSAP256SHA256, ECDSAP384SHA384, ED25519, and ED448).
  • Added SSHFP algoritm ED25519.
  • Modified Net_DNS2::sendPacket() to use current()/next() rather than the deprecated each() (deprecated in 7.2).

Net_DNS2 v1.4.3 – Interim Bugfix Release

I’ve released version 1.4.3 of the PEAR Net_DNS2 library- this release is primarily just bug fixes.

You can install it now through the command line PEAR installer:

pear install Net_DNS2

Or, you can also add it to your project using composer:

composer require pear/net_dns2

Version 1.4.3

  • fixed an issue when looking up . or com., when using the strict_query_mode flag.
  • fixed a bug in the caching logic where I was loading the content more than once per instance, when really I only need to do it once.
  • changed the Net_DNS2::sock array to use the SOCK_DGRAM and SOCK_STREAM defines, rather than the strings ‘tcp’ or ‘udp’.
  • fixed a bug in the Net_DNS2_Header and Net_DNS2_Question classes, where I was using the wrong bit-shift operators when parsing some of the values. This only became apparent when somebody was trying to use the CAA class (id 257); it was causing this to roll over to the next 8 bit value, and returning 1 (RR A) instead of the CAA class.
  • fixed a bug that occurs when a DNS lookup request times out, and then the same class is reused for a subsequent request. Because I’m caching the sockets, the timed out data could eventually come in, and end up being seen as the result for a subsequent lookup.
  • fixed a couple cases in NSAP.php where I was comparing a string to an integer.

Net_DNS2 v1.4.2 – SMIMEA and AVC Resource Records and SHA-256 SSHFP

I’ve released version 1.4.2 of the PEAR Net_DNS2 library- you can install it now through the command line PEAR installer:

pear install Net_DNS2

Or, you can also add it to your project using composer:

composer require pear/net_dns2

Version 1.4.2

  • changed the role for the README.md file to doc.
  • parse the resolv.conf options line; right now I just support the timeout and rotate options.
  • the options values only work if you set the new option use_resolv_options to true; this is to keep backwards compatibility.
  • added support for RFC 6594; support for SHA-256 and ECDSA in the SSHFP resource record.
  • added the SMIMEA resource record; this just extends the TLSA record.
  • added the AVC resource records; this just extends the TXT record.
  • added error and EDNS0 defines for DNS Cookies (RFC7873).
  • added EDNS0 defines to the lookup class.
  • dropped the Net_DNS2_Packet::formatIPv6() function; this was deprecated in v1.1.3.
  • re-wrote the Net_DNS2::expandIPv6() function. Based on testing, the new version is about twice as fast.

How Do RBLs Affect Me? (Part 3)

sbOriginally posted on RBLTracker

In Part 1 and Part 2 of our series, I talked about what RBLs are, how they work, and how RBLs are used by administrators to control the day-to-day onslaught of SPAM on their email systems. In this article I’m going to talk about how RBLs affect you, your business, and why you should care.

So Why Do I Care?

Getting listed on an RBL or URIBL is not uncommon- it happens.

  • Maybe you have a customer using your email platform that didn’t quite understand the rules against bulk email.
  • Maybe one of your employees downloaded some virus infested software that started sending SPAM to all the contacts in their email client.
  • Maybe your email administrator made a mistake when configuring your email system, and opened you up as an open relay.
  • Maybe the WordPress or Drupal installation on your website was compromised, and injected with phishing code.

We all do our best to ensure that these types of errors aren’t the norm, but human error happens.

As a mail recipient, RBLs protect you from these issues by rejecting these messages before they land in your inbox. As a mail sender, RBLs protect others FROM your issues- and limit your overall liability, by reducing the number of messages delivered.

By listing compromised mail servers and website domains, and using these RBLs and URIBLs in our mail systems, we effectively limit the spread of SPAM and phishing websites, which is good for everybody.

Sounds Great- What’s the Catch?

Once you’re listed- as the name indicates- you’re “black-holed”- much of your email won’t be reaching its destination, and traffic to your websites could be limited.

If your business relies on email communication- either as a tool, or a product- then the longer you’re listed, the worst it is for your bottom line, and your reputation. It looks really bad if your customers email you, and get a bounce message indicating that your email system has been blocked.

The sooner you know there is an issue, the sooner the issue can be resolved, and the sooner you can request delisting from the RBLs in question.

RBLTracker

RBLTracker provides a fully automated RBL monitoring service, which checks your IP addresses and website domains, against a customizable list of the top DNSBLs, and will alert you immediately if your system is listed.

Don’t wait days or weeks to find out that your email hasn’t been reaching your customers- click here to find out more!

How Are Blacklists Used? (Part 2)

Originally posted on RBLTracker Blacklist Check Service blog.

In Part 1 of our series we talked about what RBLs are, and the different types of RBLs. In this article, we’ll talk more about how they can be used by administrators to control the flow of SPAM into their networks.

How Are They Used?

Most mail server software can be configured to make requests against DNSBLs, and reject or accept mail, based on if the sending mail servers IP address is listed in the DNSBL. Or in the case of URIBLs, if a domain name or website URL found in the body of the message is listed.

Example

As a quick example, the Exim mail transfer agent (MTA) supports specifying one or more DNSBLs during the ACL processing of an inbound SMTP message.

exim_rbl

Exim will make a DNS lookup request on the sending mail servers’ IP address, and if found in the DNSBL, can reject the message with a specific error message.

The Postfix MTA allows administrator to add one or more DNSBLs using the reject_rbl_client configuration option in the smtpd_recipient_restrictions option.

postfix_rbl

You can also do a simple check on Windows, Mac, and Unix, using the command line nslookup tool. Simply reverse the digits in your IP address, and prefix it to one of the DNSBL host names.

So for example, if your IP address was 127.0.0.2 and you wanted to check the bl.spamcop.net DNSBL, you would do a DNS lookup on: 2.0.0.127.bl.spamcop.net:

manual_lookup

Check back for Part 3 of our series where I talk about how RBLs affect organizations, and why they can be an important part of your day-to-day administration.