Re: Policing user CGI scripts
From: Walter Roberson (roberson_at_ibd.nrc-cnrc.gc.ca)
Date: 4 Jul 2004 21:55:30 GMT
In article <firstname.lastname@example.org>,
all mail refused <email@example.com> wrote:
:For instance I like webservers to accept TCP traffic on just
:2 ports (80, 22) and cannot originate any TCP traffic at all.
:That prevents spam relaying and the like without needing
:to know the properties of the CGIs.
But it also breaks DNS. UDP based DNS is only good up to 512
bytes per record, and when a longer record would be returned,
a flag is set in the result; at that point, the originating
system is supposed to retry with TCP based DNS.
-- IEA408I: GETMAIN cannot provide buffer for WATLIB.
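
An added illustration of the truncation-and-retry behaviour described in the post above (not part of the original message): a resolver-side check that reads the TC bit from a UDP reply and reports what happens when outbound TCP is blocked. The function names and the sample query and replies are constructed for this example.

```python
import struct

QR_FLAG = 0x8000  # message is a response
TC_FLAG = 0x0200  # truncation bit in the DNS header flags word (RFC 1035 4.1.1)

def build_query(qid, name, qtype=1):
    """Build a minimal DNS query (RD set, class IN) for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def make_reply(query, truncated):
    """Constructed reply header for `query`; echoes the question section only."""
    qid = struct.unpack("!H", query[:2])[0]
    flags = QR_FLAG | 0x0100 | 0x0080 | (TC_FLAG if truncated else 0)
    return struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0) + query[12:]

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "response": bool(flags & QR_FLAG),
            "truncated": bool(flags & TC_FLAG), "answers": an}

def next_step(query, udp_reply, tcp_egress_allowed):
    """Decide what a resolver does with a UDP reply under a given egress policy."""
    q, r = parse_header(query), parse_header(udp_reply)
    if not r["response"] or r["id"] != q["id"]:
        return "discard"            # not a reply to this query
    if not r["truncated"]:
        return "use-udp-answer"
    # TC set: the answer did not fit in the UDP reply, so TCP is required.
    return "retry-over-tcp" if tcp_egress_allowed else "lookup-fails"

def frame_for_tcp(query):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(query)) + query

# Constructed sample: a TXT query whose UDP reply comes back truncated.
QUERY = build_query(0x1A2B, "example.com", qtype=16)
TRUNCATED_REPLY = make_reply(QUERY, truncated=True)
NORMAL_REPLY = make_reply(QUERY, truncated=False)

if __name__ == "__main__":
    for allowed in (True, False):
        print("tcp egress", allowed, "->", next_step(QUERY, TRUNCATED_REPLY, allowed))
```
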