[69644] in North American Network Operators' Group
Re: Anyone from AT&T here? (AT&T bogus DNSBL answers)
daemon@ATHENA.MIT.EDU (Steve Linford)
Sat Apr 17 18:21:55 2004
In-Reply-To: <Pine.LNX.4.58.0404171559040.30488@web1.mmaero.com>
Date: Sat, 17 Apr 2004 23:21:10 +0100
To: jlewis@lewis.org, nanog@merit.edu
From: Steve Linford <linford@spamhaus.org>
Errors-To: owner-nanog-outgoing@merit.edu
At 16:06 -0400 (GMT) 17/4/04, jlewis@lewis.org wrote:
> Steve Linford wrote:
>
>> AT&T customers have contacted us saying they can't reach any of our
>> DNSBLs, seems AT&T have defined a fake sbl.spamhaus.org zone in their
>> DNS servers so when AT&T customers ask AT&T's NS 12.149.189.2 for
>> sbl.spamhaus.org they get:
>> ...
>
> I was looking at this some more last night, and noticed this appears to
> have been some kind of mistaken identity issue. Check the whois and
> PTR for 12.149.189.2. It certainly doesn't appear to be an AT&T
> maintained DNS server.
No mistake, although 12.149.189.2 is a customer's NS it uses AT&T's
NS as the resolver. We've have complaints from other AT&T users about
the same thing, as does another DNSBL (SpamCop), and there's now an
answer from AT&T to one of their customers who forwarded AT&Ts
response:
"I finally talked to someone who knows what the problem is. Your sbl sites
have been blocked by the standard DNS forwarders supplied by ATT. This is
due to the workload being generated on them from mailservers."
--
Steve Linford
The Spamhaus Project
http://www.spamhaus.org
