From owner-freebsd-hackers@FreeBSD.ORG Sat Aug 2 20:11:17 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1967837B401; Sat, 2 Aug 2003 20:11:17 -0700 (PDT) Received: from praetor.linc-it.com (hardtime.linuxman.net [66.147.26.65]) by mx1.FreeBSD.org (Postfix) with ESMTP id 234D743F93; Sat, 2 Aug 2003 20:11:16 -0700 (PDT) (envelope-from fullermd@over-yonder.net) Received: from mortis.over-yonder.net (adsl-19-129-168.jan.bellsouth.net [68.19.129.168]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by praetor.linc-it.com (Postfix) with ESMTP id A57E0152A5; Sat, 2 Aug 2003 22:11:14 -0500 (CDT) Received: by mortis.over-yonder.net (Postfix, from userid 100) id 977B920F26; Sat, 2 Aug 2003 22:11:12 -0500 (CDT) Date: Sat, 2 Aug 2003 22:11:12 -0500 From: "Matthew D. Fuller" To: David Malone Message-ID: <20030803031112.GB1161@over-yonder.net> References: <20030801235200.A53695@xorpc.icir.org> <20030802085918.GA14729@walton.maths.tcd.ie> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030802085918.GA14729@walton.maths.tcd.ie> User-Agent: Mutt/1.4.1i-fullermd.1 X-Editor: vi X-OS: FreeBSD cc: Luigi Rizzo cc: hackers@freebsd.org cc: ume@freebsd.org Subject: Re: can we disable AAAA queries in the resolver ? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Aug 2003 03:11:17 -0000 On Sat, Aug 02, 2003 at 09:59:18AM +0100 I heard the voice of David Malone, and lo! it spake thus: > > A significant number of these are ad servers, so after complaining > to Doubleclick and getting no response, I've told my local name > server that it is authorititive for doubleclick.net and given it > an empty zone. Since doing this I don't notice the problem any more. I short-circuited to hosts and ipfw. # ipfw show 2 00002 14 864 reject ip from any to 127.0.0.2 # telnet ad.doubleclick.net 80 Trying 127.0.0.2... telnet: connect to address 127.0.0.2: Permission denied telnet: Unable to connect to remote host ('course, DNS is better with multiple machines. You could just burn a single RFC1918 address for rejecting all the ad-type things) -- Matthew Fuller (MF4839) | fullermd@over-yonder.net Systems/Network Administrator | http://www.over-yonder.net/~fullermd/ "The only reason I'm burning my candle at both ends, is because I haven't figured out how to light the middle yet"