Tanguy Ortolo

After years of waiting, Google has finally enabled IPv6 for their email service Gmail. And a few weeks ago, they updated their policy, adding one specific rule: reject email from IP addresses with no reverse name:

% nc -Cv gmail-smtp-in.l.google.com. smtp
Connection to gmail-smtp-in.l.google.com. 25 port [tcp/smtp] succeeded!
220 mx.google.com ESMTP bz2si13656083wjc.108 - gsmtp
HELO boo.example.com
250 mx.google.com at your service
MAIL FROM: <me@example.com>
250 2.1.0 OK bz2si13656083wjc.108 - gsmtp
RCPT TO: <you@gmail.com>
250 2.1.5 OK bz2si13656083wjc.108 - gsmtp
DATA
354  Go ahead bz2si13656083wjc.108 - gsmtp
Subject: Test
From: Me <me@example.com>
To: You <you@gmail.com>

Test.
.
550-5.7.1 [2001:db8:8e3f:43c7::12      16] Our system has detected that this
550-5.7.1 message does not meet IPv6 sending guidelines regarding PTR records
550-5.7.1 and authentication. Please review
550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_error for more
550 5.7.1 information. bz2si13656083wjc.108 - gsmtp

Read more Google, your IPv6-related email restrictions suck

Many websites have addresses that use a www.- prefix. Some people are encouraging this practice, other are advising against it.

I, for one, think this prefix makes sense and is really useful, so here is an explanation of my opinion. In a nutshell: the Wold Wide Web is one Internet service among many other such as domain name, mail, mailboxes or instant messenging; using a dedicated prefix allows to distribute all these services to specific servers in a convenient way.

Read more Why “www.”?

Je n'ai probablement rien à vous apprendre apprendre au sujet de l'affaire Copwatch Nord-Paris IDF elle-même : le ministère de l'Intérieur, plutôt que d'attaquer l'auteur de ce site Web qui est parfaitement identifiable, a obtenu d'ordonner aux fournisseurs d'accès principaux de le censurer. Cette censure, qui sera effectuée par manipulation du système de nom de domaine ou DNS, donne l'occasion d'étudier un cas d'utilisation de ce système.

Deux cas en un

Lorsqu'on se penche sur ce cas, on constate qu'il est double. En effet, la censure ordonnée aux fournisseur d'accès n'est pas encore en place, néanmoins maints internautes éprouvent déjà des difficultés à accéder à ce site Web. En fait, comme WikiLeaks avant eux, Copwatch ont commis sans s'en rendre compte une erreur technique qui dégrade fortement leur service, probablement en prenant des mesures de défense d'urgence.

Deux cas à étudier donc : l'erreur de Copwatch et méthode de censure. Nous allons nous concentrer sur l'erreur de Copwatch, le sujet de la censure par DNS étant déjà amplement couvert par ailleurs.

Read more DNS : le cas Copwatch

The host name

On Unix systems, the host name is kept in memory by the kernel: it is set and get by the sethostname() and gethostname() functions and their command-line wrapper hostname(1). It can be used by several programs, for instance by the mail server to determine what it should use as its HELO name.

In fact, the host name has two forms: the short one and the fully qualified one. For instance, a host can have muscadet as its short name muscadet and muscadet.example.com as its fully qualified one. From these two forms, a third information can be deduced: the domain name, which is the full name without its first component.

The system host name can be set as either the short name or the fully qualified name. When the full name is used, the short one can be easily deduced, by keeping only its first component. When the short name is used, the full name must be determined by using a more complex heuristic that takes more time and can fail for several reasons.

Read more About system host names