[Mailman-Users] HTTP redirection
Brad Knowles
brad.knowles at skynet.be
Thu Jul 24 02:05:58 CEST 2003
At 4:14 PM -0700 2003/07/23, Hugh Caley wrote:
> I've got a mailman installation in our legacy domain
> (mailman.neomorphic.com). For political reasons we'd like to have lists
> show up as being from the new domain (mailman.affymetrix.com).
Sounds reasonable.
> We have
> a cname that points the new name to the old; the new name is set as the
> base URL for the Mailman web interface.
> It all works fine, except that we haven't been able to find a way to
> make going to URL http://mailman.affymetrix.com equivalent to going to
> http://mailman.affymetrix.com/mailman/listinfo; instead going to
> http://mailman.affymetrix.com redirects the user to
> http://mailman.neomorphic.com/mailman/listinfo, no matter what I do
> with apache config.
>
> Anyone know how I can get this to work?
Well, let's first look at the DNS. Checking out the legacy name, I see:
% dig @a.gtld-servers.net. neomorphic.com. soa
; <<>> DiG 9.2.2 <<>> @a.gtld-servers.net. neomorphic.com. soa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23289
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;neomorphic.com. IN SOA
;; AUTHORITY SECTION:
neomorphic.com. 172800 IN NS ns3.emf.net.
neomorphic.com. 172800 IN NS ns.neomorphic.com.
;; ADDITIONAL SECTION:
ns3.emf.net. 172800 IN A 205.149.0.21
ns.neomorphic.com. 172800 IN A 205.217.46.66
;; Query time: 123 msec
;; SERVER: 192.5.6.30#53(a.gtld-servers.net.)
;; WHEN: Thu Jul 24 01:33:25 2003
;; MSG SIZE rcvd: 106
% dig @ns.neomorphic.com. neomorphic.com. soa
; <<>> DiG 9.2.2 <<>> @ns.neomorphic.com. neomorphic.com. soa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53758
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;neomorphic.com. IN SOA
;; ANSWER SECTION:
neomorphic.com. 36001 IN SOA neomorphic.com.
hostmaster.neomorphic.com. 2003052900 36001 3600 360000 36001
;; AUTHORITY SECTION:
neomorphic.com. 36001 IN NS roma.neomorphic.com.
neomorphic.com. 36001 IN NS ns3.emf.net.
;; ADDITIONAL SECTION:
roma.neomorphic.com. 36001 IN A 205.217.46.66
ns3.emf.net. 167930 IN A 205.149.0.21
;; Query time: 207 msec
;; SERVER: 205.217.46.66#53(ns.neomorphic.com.)
;; WHEN: Thu Jul 24 01:34:16 2003
;; MSG SIZE rcvd: 155
% dig @ns3.emf.net. neomorphic.com. soa
; <<>> DiG 9.2.2 <<>> @ns3.emf.net. neomorphic.com. soa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5756
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;neomorphic.com. IN SOA
;; ANSWER SECTION:
neomorphic.com. 33017 IN SOA neomorphic.com.
hostmaster.neomorphic.com. 2003052900 36001 3600 360000 36001
;; AUTHORITY SECTION:
neomorphic.com. 137815 IN NS ns3.emf.net.
neomorphic.com. 137815 IN NS ns.neomorphic.com.
;; ADDITIONAL SECTION:
ns3.emf.net. 147103 IN A 205.149.0.21
ns.neomorphic.com. 112152 IN A 205.217.46.66
;; Query time: 208 msec
;; SERVER: 205.149.0.21#53(ns3.emf.net.)
;; WHEN: Thu Jul 24 01:33:53 2003
;; MSG SIZE rcvd: 153
So, right there, we see that the primary and the secondary are
handing out slightly different answers for the nameservers for
neomorphic.com -- ns.neomorphic.com and ns3.emf.net vs.
roma.neomorphic.com and ns3.emf.net. Also note that the secondary is
not handing out authoritative answers (there's no "aa" bit set in the
"flags:" field). Moreover, ns3.emf.net is advertising itself as a
public caching/recursive nameserver (the "ra" bit is set in the
"flags:" field), which means that this machine is vulnerable to cache
pollution/poisoning, and could be used as a vector to help break into
your network more easily.
Checking things with dnswalk, I see:
% dnswalk -ralF neomorphic.com.
Getting zone transfer of neomorphic.com. from ns3.emf.net....failed.
Getting zone transfer of neomorphic.com. from roma.neomorphic.com....done.
Checking neomorphic.com.
teamsite.neomorphic.com. 36001: invalid character(s) in name
teamsite.neomorphic.com. 36001 A 205.217.46.82: points to www.genomeathome.com
firewall.neomorphic.com. 36001: invalid character(s) in name
firewall.neomorphic.com. 36001 A 205.217.46.68: points to
firewall.neomorphic.com
So, while ns3.emf.net is an open public/recursive caching
nameserver, they do appear to have zone transfers turned off.
Let's look a bit further:
% dig @ns.neomorphic.com. mailman.neomorphic.com. any
; <<>> DiG 9.2.2 <<>> @ns.neomorphic.com. mailman.neomorphic.com. any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10354
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;mailman.neomorphic.com. IN ANY
;; AUTHORITY SECTION:
neomorphic.com. 36001 IN SOA neomorphic.com.
hostmaster.neomorphic.com. 2003052900 36001 3600 360000 36001
;; Query time: 202 msec
;; SERVER: 205.217.46.66#53(ns.neomorphic.com.)
;; WHEN: Thu Jul 24 01:31:02 2003
;; MSG SIZE rcvd: 87
% dig @ns3.emf.net. mailman.neomorphic.com. any
; <<>> DiG 9.2.2 <<>> @ns3.emf.net. mailman.neomorphic.com. any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54675
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;mailman.neomorphic.com. IN ANY
;; AUTHORITY SECTION:
neomorphic.com. 36001 IN SOA neomorphic.com.
hostmaster.neomorphic.com. 2003052900 36001 3600 360000 36001
;; Query time: 223 msec
;; SERVER: 205.149.0.21#53(ns3.emf.net.)
;; WHEN: Thu Jul 24 01:42:47 2003
;; MSG SIZE rcvd: 87
Hmm. Strange. Neither of the advertised nameservers seems to
know anything at all about the name "mailman.neomorphic.com".
Okay, let's check out affymetrix.com:
% dig @a.gtld-servers.net. affymetrix.com. ns
; <<>> DiG 9.2.2 <<>> @a.gtld-servers.net. affymetrix.com. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53016
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;affymetrix.com. IN NS
;; ANSWER SECTION:
affymetrix.com. 172800 IN NS cbru.br.ns.els-gms.att.net.
affymetrix.com. 172800 IN NS cmtu.mt.ns.els-gms.att.net.
;; ADDITIONAL SECTION:
cbru.br.ns.els-gms.att.net. 172800 IN A 199.191.128.105
cmtu.mt.ns.els-gms.att.net. 172800 IN A 12.127.16.69
;; Query time: 123 msec
;; SERVER: 192.5.6.30#53(a.gtld-servers.net.)
;; WHEN: Thu Jul 24 01:58:28 2003
;; MSG SIZE rcvd: 126
% dig @cmtu.mt.ns.els-gms.att.net. affymetrix.com. any
; <<>> DiG 9.2.2 <<>> @cmtu.mt.ns.els-gms.att.net. affymetrix.com. any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56755
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 4
;; QUESTION SECTION:
;affymetrix.com. IN ANY
;; ANSWER SECTION:
affymetrix.com. 300 IN NS cmtu.mt.ns.els-gms.att.net.
affymetrix.com. 300 IN NS cbru.br.ns.els-gms.att.net.
affymetrix.com. 300 IN SOA ns.affymetrix.com.
dnsmaster.affymetrix.com. 2850201717 3600 300 604800 300
affymetrix.com. 300 IN A 147.208.165.234
affymetrix.com. 300 IN MX 20 mail.affymetrix.com.
affymetrix.com. 300 IN MX 10 mailscanner1.affymetrix.com.
;; AUTHORITY SECTION:
affymetrix.com. 300 IN NS cmtu.mt.ns.els-gms.att.net.
affymetrix.com. 300 IN NS cbru.br.ns.els-gms.att.net.
;; ADDITIONAL SECTION:
cmtu.mt.ns.els-gms.att.net. 86400 IN A 12.127.16.69
cbru.br.ns.els-gms.att.net. 86400 IN A 199.191.128.105
mail.affymetrix.com. 300 IN A 12.22.48.166
mailscanner1.affymetrix.com. 300 IN A 12.22.48.170
;; Query time: 165 msec
;; SERVER: 12.127.16.69#53(cmtu.mt.ns.els-gms.att.net.)
;; WHEN: Thu Jul 24 02:01:53 2003
;; MSG SIZE rcvd: 301
% dig @cbru.br.ns.els-gms.att.net. affymetrix.com. any
; <<>> DiG 9.2.2 <<>> @cbru.br.ns.els-gms.att.net. affymetrix.com. any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26286
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 4
;; QUESTION SECTION:
;affymetrix.com. IN ANY
;; ANSWER SECTION:
affymetrix.com. 300 IN NS cmtu.mt.ns.els-gms.att.net.
affymetrix.com. 300 IN NS cbru.br.ns.els-gms.att.net.
affymetrix.com. 300 IN MX 10 mailscanner1.affymetrix.com.
affymetrix.com. 300 IN SOA ns.affymetrix.com.
dnsmaster.affymetrix.com. 2850201717 3600 300 604800 300
affymetrix.com. 300 IN MX 20 mail.affymetrix.com.
affymetrix.com. 300 IN A 147.208.165.234
;; AUTHORITY SECTION:
affymetrix.com. 300 IN NS cmtu.mt.ns.els-gms.att.net.
affymetrix.com. 300 IN NS cbru.br.ns.els-gms.att.net.
;; ADDITIONAL SECTION:
cmtu.mt.ns.els-gms.att.net. 86400 IN A 12.127.16.69
cbru.br.ns.els-gms.att.net. 86400 IN A 199.191.128.105
mailscanner1.affymetrix.com. 300 IN A 12.22.48.170
mail.affymetrix.com. 300 IN A 12.22.48.166
;; Query time: 161 msec
;; SERVER: 199.191.128.105#53(cbru.br.ns.els-gms.att.net.)
;; WHEN: Thu Jul 24 02:00:28 2003
;; MSG SIZE rcvd: 301
% dig @cmtu.mt.ns.els-gms.att.net. mailman.affymetrix.com. any
; <<>> DiG 9.2.2 <<>> @cmtu.mt.ns.els-gms.att.net. mailman.affymetrix.com. any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21688
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;mailman.affymetrix.com. IN ANY
;; AUTHORITY SECTION:
affymetrix.com. 300 IN SOA ns.affymetrix.com.
dnsmaster.affymetrix.com. 2850201717 3600 300 604800 300
;; Query time: 111 msec
;; SERVER: 12.127.16.69#53(cmtu.mt.ns.els-gms.att.net.)
;; WHEN: Thu Jul 24 02:02:59 2003
;; MSG SIZE rcvd: 103
% dig @cbru.br.ns.els-gms.att.net. mailman.affymetrix.com.
; <<>> DiG 9.2.2 <<>> @cbru.br.ns.els-gms.att.net. mailman.affymetrix.com.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4155
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;mailman.affymetrix.com. IN A
;; AUTHORITY SECTION:
affymetrix.com. 300 IN SOA ns.affymetrix.com.
dnsmaster.affymetrix.com. 2850201717 3600 300 604800 300
;; Query time: 172 msec
;; SERVER: 199.191.128.105#53(cbru.br.ns.els-gms.att.net.)
;; WHEN: Thu Jul 24 02:03:22 2003
;; MSG SIZE rcvd: 103
Wild. Again, the advertised nameservers don't know anything
about this hostname.
Let's take a look at dnswalk:
% dnswalk -ralF affymetrix.com.
Getting zone transfer of affymetrix.com. from
cbru.br.ns.els-gms.att.net....done.
Checking affymetrix.com.
localhost.affymetrix.com. 300: invalid character(s) in name
teamsite.affymetrix.com. 300: invalid character(s) in name
teamsite.affymetrix.com. 300 A 205.217.46.82: points to www.genomeathome.com
chipdesign.affymetrix.com. 300: invalid character(s) in name
chipdesign.affymetrix.com. 300 A 205.217.46.72: points to lucca.neomorphic.com
bedforde500.affymetrix.com. 300: invalid character(s) in name
bedforde500.affymetrix.com. 300 A 12.110.143.37: no PTR record
Hmm. Well, your nameservers do appear to be open to zone
transfers, although you do not appear to be subject to cache
pollution/poisoning.
--
Brad Knowles, <brad.knowles at skynet.be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
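
The flag and NS-set comparison done by eye in the message above, as an added example that is not part of the original post: it parses dig's default text output and reports each delegated server whose reply lacks the "aa" bit, sets the "ra" bit, or lists a different NS set than the parent delegation. SAMPLES is abridged from the dig output quoted in the message; the function names are this example's own.

```python
import re

# Abridged from the three "neomorphic.com. soa" dig responses quoted in the message.
SAMPLES = {
    "a.gtld-servers.net.": """\
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; AUTHORITY SECTION:
neomorphic.com. 172800 IN NS ns3.emf.net.
neomorphic.com. 172800 IN NS ns.neomorphic.com.
""",
    "ns.neomorphic.com.": """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; AUTHORITY SECTION:
neomorphic.com. 36001 IN NS roma.neomorphic.com.
neomorphic.com. 36001 IN NS ns3.emf.net.
""",
    "ns3.emf.net.": """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; AUTHORITY SECTION:
neomorphic.com. 137815 IN NS ns3.emf.net.
neomorphic.com. 137815 IN NS ns.neomorphic.com.
""",
}

def parse_dig(text):
    """Return (header flag set, NS target set) from dig's default text output."""
    m = re.search(r"^;; flags:([^;]*);", text, re.M)
    flags = set(m.group(1).split()) if m else set()
    ns = {t.lower() for t in re.findall(r"^\S+\s+\d+\s+IN\s+NS\s+(\S+)", text, re.M)}
    return flags, ns

def audit(parent, samples):
    """Compare each delegated server's reply against the parent's delegation."""
    _, delegated = parse_dig(samples[parent])
    findings = []
    # Only servers for which a reply was captured are checked.
    for server in sorted(delegated & set(samples)):
        flags, ns = parse_dig(samples[server])
        if "aa" not in flags:
            findings.append((server, "answer not authoritative (aa clear)"))
        if "ra" in flags:
            findings.append((server, "recursion offered (ra set)"))
        if ns != delegated:
            diff = ", ".join(sorted(ns ^ delegated))
            findings.append((server, "NS set differs from delegation: " + diff))
    return findings

if __name__ == "__main__":
    for server, issue in audit("a.gtld-servers.net.", SAMPLES):
        print(server, "-", issue)
```
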