[94283] in North American Network Operators' Group
Re: what happens when you put a typo in a DNSBL server?
daemon@ATHENA.MIT.EDU (Chris L. Morrow)
Tue Jan 16 13:38:16 2007
Date: Tue, 16 Jan 2007 18:32:07 +0000 (GMT)
From: "Chris L. Morrow" <christopher.morrow@verizonbusiness.com>
In-reply-to: <sdps9fkjyk.fsf@wes.hardakers.net>
To: Wes Hardaker <wjhns61@hardakers.net>
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
On Tue, 16 Jan 2007, Wes Hardaker wrote:
>
>
> A number of ISPs use njabl.org as a DNS BL server. However, starting
> jan 2 a new domain exists "njalb.org" which is serving A records for
> anything queried against it's DNS server. (note the difference: njaBL
> vs njaLB). Previous to this date a misconfigured ISP was just not
> being protected by the BL. Now, it's potentially dropping all mail
> from anyone because of the typo.
>
> # dig +short mail.merit.edu a
> 198.108.1.11
>
> # dig +short 11.1.108.198.combined.njabl.org
>
> # dig +short 11.1.108.198.combined.njalb.org
> 64.20.43.107
> 66.45.232.66
> 66.45.232.75
> 66.45.237.187
right, these are those pesky njiix.net 'dns servers' that send the same 4
A's for any request. I suspect their zone config is:
* IN A 64.20.43.107
IN A 66.45.232.66
IN A 66.45.232.75
IN A 66.45.237.187
in the root.zone file :(
