nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: what happens when you put a typo in a DNSBL server?

From: Steve Linford <linford () spamhaus org>
Date: Tue, 16 Jan 2007 19:28:13 +0000

On 16 Jan 2007, at 17:36, Wes Hardaker wrote:

A number of ISPs use njabl.org as a DNS BL server.  However, starting
jan 2 a new domain exists "njalb.org" which is serving A records for
anything queried against it's DNS server.
This is a common problem affecting Spamhaus and others as well; domain squatters register every variation of our domains and place wildcard DNS on them. We get quite a few complaints from users that we're blocking them and when investigated we find some postmaster has fat-fingered an entry in his spam filter and instead of "spamhaus.org" has entered a domain squatter's variation, such as one of these: 

;; Query: 1.2.3.4.spamhuas.org ,type = ANY , class = ANY
                       ^^
;; ANSWERS:
1.2.3.4.spamhuas.org    3600    IN      A       64.20.49.210
1.2.3.4.spamhuas.org    3600    IN      A       64.20.33.115
1.2.3.4.spamhuas.org    3600    IN      A       64.20.33.131
1.2.3.4.spamhuas.org    3600    IN      A       64.20.33.4

;; Query: 1.2.3.4.spamhauz.org ,type = ANY , class = ANY
                         ^
;; ANSWERS:
1.2.3.4.spamhauz.org    3600    IN      A       64.20.33.131
1.2.3.4.spamhauz.org    3600    IN      A       64.20.49.210
1.2.3.4.spamhauz.org    3600    IN      A       64.20.33.4
1.2.3.4.spamhauz.org    3600    IN      A       64.20.33.115

  Steve Linford
  The Spamhaus Project
  http://www.spamhaus.org
Previous By Date Next
Previous By Thread Next

Current thread: