DNS SRV support

Peter Saint-Andre stpeter at stpeter.im
Mon Aug 27 19:41:12 EDT 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8/27/12 5:20 PM, Ethan Blanton wrote:
> Peter Saint-Andre spake unto us the following wisdom:
>> Recently the jabber.org IM service came under attack, and as a 
>> preventive measure we made some changes to our DNS SRV records:
>> the attacker went after the IP address of our primary hostname so
>> we set up a secondary hostname at a different IP address; more
>> recently we have continued to list the A record for jabber.org as
>> the IP address that came under attack while listing different IP
>> addresses in our SRV records. One side effect has been that IM
>> clients without proper DNS SRV support (see section 3.2 of RFC
>> 6120) have been unable to connect to jabber.org. As I understand
>> it, Pidgin is one such client (the workaround is to "hardcode"
>> one of the machine hostnames as the connection address, which
>> works but is more brittle since we might change those hostnames,
>> e.g. when we set up a new machine in the near future). Is this a
>> known issue in Pidgin or libpurple? If not, I'll submit a feature
>> request.
> 
> Pidgin has working DNS SRV support, and in fact we use it
> extensively; pidgin.im has a DNS SRV entry (although I believe it
> points to the same place as the IP for pidgin.im), and DNS SRV is
> required for correctly functioning Google Talk clients.  We do
> *allow* a connect server to be set (generally for clients that are
> behind a set top box that does not handle DNS SRV), but we do not
> recommend its use.
> 
> That said, it sounds like you're seeing problems with Pidgin 
> connecting to jabber.org via the SRV account.  Can you elucidate
> what they are?  We may have bugs that are cropping up in this
> particular circumstance that we do not see elsewhere.  A quick test
> on my own machine showed correct behavior (my client attempted to
> connect to hermes.jabber.org, which is reasonable from the SRV
> records I see).

Hmm, I admit that this report was second-hand. If you see no issues
now, it was probably a false report. My apologies for the noise!

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlA8BZgACgkQNL8k5A2w/vz7NACeL7APlMe0Aasli9ycFy2/dcFR
YLEAn0ziQ4IWwPQA3haW+34CkaWtd/z6
=Yx5V
-----END PGP SIGNATURE-----

More information about the Devel mailing list