DNS SRV support

Ethan Blanton elb at pidgin.im
Mon Aug 27 19:20:25 EDT 2012

Peter Saint-Andre spake unto us the following wisdom:
> Recently the jabber.org IM service came under attack, and as a
> preventive measure we made some changes to our DNS SRV records: the
> attacker went after the IP address of our primary hostname so we set
> up a secondary hostname at a different IP address; more recently we
> have continued to list the A record for jabber.org as the IP address
> that came under attack while listing different IP addresses in our SRV
> records. One side effect has been that IM clients without proper DNS
> SRV support (see section 3.2 of RFC 6120) have been unable to connect
> to jabber.org. As I understand it, Pidgin is one such client (the
> workaround is to "hardcode" one of the machine hostnames as the
> connection address, which works but is more brittle since we might
> change those hostnames, e.g. when we set up a new machine in the near
> future). Is this a known issue in Pidgin or libpurple? If not, I'll
> submit a feature request.

Pidgin has working DNS SRV support, and in fact we use it extensively;
pidgin.im has a DNS SRV entry (although I believe it points to the
same place as the IP for pidgin.im), and DNS SRV is required for
correctly functioning Google Talk clients.  We do *allow* a connect
server to be set (generally for clients that are behind a set top box
that does not handle DNS SRV), but we do not recommend its use.

That said, it sounds like you're seeing problems with Pidgin
connecting to jabber.org via the SRV account.  Can you elucidate what
they are?  We may have bugs that are cropping up in this particular
circumstance that we do not see elsewhere.  A quick test on my own
machine showed correct behavior (my client attempted to connect to
hermes.jabber.org, which is reasonable from the SRV records I see).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: Digital signature
URL: <http://pidgin.im/pipermail/devel/attachments/20120827/4b42c720/attachment.sig>

More information about the Devel mailing list