[rbldnsd] Warning: possible danger of using rbldnsd, and upcoming
data format change
David Landgren
david at landgren.net
Thu Jun 10 00:51:54 MSD 2004
nathan r. hruby wrote:
> On Wed, 9 Jun 2004, David Landgren wrote:
>>In other words, take each file 2.data, 3.data... and generate its MD5
>>sum and store that in 2.md5, 3.md5...
>>
>>Transfer the .data and .md5 over to the dnsbl host.
>>
>
>
> Why not just use rsync's -c (checksum) flag?

When I wrote the initial cut, I used scp. As the zone files became
larger it started to drown out the rest of the traffic on the network
interface, which made it difficult to monitor traffic. It was just a
one-line change for immediate benefit. The rest of the mechanics worked,
so why change that and possibly introduce bugs?

The technique lends itself to any transport: scp, http, ftp... Plus, if
you are paranoid, you can switch from MD5 to SHA-1 (or both) easily. I
have no idea what algorithm rsync uses for checksumming or whether you
can plug in different algorithms. I also have more faith in message
digests than checksums.

Ok, it says here in the man page that rsync uses MD4. Which is certainly
better than checksums, but it is considered broken by cryptographers.
Odd that they should still be using that.

David
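
The digest-sidecar scheme discussed in this message, as an added example that is not part of the original post and not the poster's own script. The sidecar naming (`2.md5`, `2.sha1`), the `verify_and_install` step on the receiving host, the live directory and the sample file content are all assumptions made for illustration.

```python
import hashlib, hmac, os, tempfile

ALGORITHMS = ("md5", "sha1")  # either one, or both, as the post suggests

def digest_file(path, algorithm):
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def write_sidecars(data_path, algorithms=ALGORITHMS):
    # Sender: 2.data -> 2.md5, 2.sha1 (one hex digest per sidecar file).
    stem = os.path.splitext(data_path)[0]
    for alg in algorithms:
        with open(f"{stem}.{alg}", "w") as f:
            f.write(digest_file(data_path, alg) + "\n")

def verify_and_install(data_path, live_dir, algorithms=ALGORITHMS):
    # Receiver (assumed step): every sidecar must match before the file goes live.
    stem = os.path.splitext(data_path)[0]
    for alg in algorithms:
        try:
            with open(f"{stem}.{alg}") as f:
                expected = f.read().split()[0].lower()
        except (OSError, IndexError):
            return False  # missing or empty sidecar counts as a failure
        if not hmac.compare_digest(expected, digest_file(data_path, alg)):
            return False
    # Copy to a temp file in live_dir, then rename, so a reader never sees a partial file.
    fd, tmp = tempfile.mkstemp(dir=live_dir)
    with os.fdopen(fd, "wb") as out, open(data_path, "rb") as src:
        out.write(src.read())
    os.replace(tmp, os.path.join(live_dir, os.path.basename(data_path)))
    return True

def demo():
    with tempfile.TemporaryDirectory() as incoming, tempfile.TemporaryDirectory() as live:
        data = os.path.join(incoming, "2.data")
        with open(data, "wb") as f:
            f.write(b"192.0.2.1\n198.51.100.0/24\n")  # constructed sample content
        write_sidecars(data)
        good = verify_and_install(data, live)
        with open(data, "wb") as f:
            f.write(b"192.0.2.1\n198.51")  # simulate a truncated transfer
        bad = verify_and_install(data, live)
        with open(os.path.join(live, "2.data"), "rb") as f:
            return good, bad, f.read()
```

Because the digest travels over the same channel as the data, this check catches truncated or corrupted transfers whatever the transport; it does not authenticate the sender.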