[94284] in North American Network Operators' Group
Re: what happens when you put a typo in a DNSBL server?
daemon@ATHENA.MIT.EDU (Steve Linford)
Tue Jan 16 14:29:11 2007
In-Reply-To: <sdps9fkjyk.fsf@wes.hardakers.net>
From: Steve Linford <linford@spamhaus.org>
To: nanog@merit.edu
Date: Tue, 16 Jan 2007 19:28:13 +0000
Errors-To: owner-nanog@merit.edu

On 16 Jan 2007, at 17:36, Wes Hardaker wrote:
> A number of ISPs use njabl.org as a DNS BL server. However, starting
> Jan 2 a new domain exists "njalb.org" which is serving A records for
> anything queried against its DNS server.

This is a common problem affecting Spamhaus and others as well;
domain squatters register every variation of our domains and place
wildcard DNS on them. We get quite a few complaints from users that
we're blocking them and when investigated we find some postmaster has
fat-fingered an entry in his spam filter and instead of
"spamhaus.org" has entered a domain squatter's variation, such as one
of these:

;; Query: 1.2.3.4.spamhuas.org ,type = ANY , class = ANY
                       ^^
;; ANSWERS:
1.2.3.4.spamhuas.org 3600 IN A 64.20.49.210
1.2.3.4.spamhuas.org 3600 IN A 64.20.33.115
1.2.3.4.spamhuas.org 3600 IN A 64.20.33.131
1.2.3.4.spamhuas.org 3600 IN A 64.20.33.4

;; Query: 1.2.3.4.spamhauz.org ,type = ANY , class = ANY
                         ^
;; ANSWERS:
1.2.3.4.spamhauz.org 3600 IN A 64.20.33.131
1.2.3.4.spamhauz.org 3600 IN A 64.20.49.210
1.2.3.4.spamhauz.org 3600 IN A 64.20.33.4
1.2.3.4.spamhauz.org 3600 IN A 64.20.33.115

Steve Linford
The Spamhaus Project
http://www.spamhaus.org
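
Added example, not part of the original post: a pre-deployment sanity check for a DNSBL zone name in a mail filter, using the RFC 5782 test points (127.0.0.2 must be listed, 127.0.0.1 must not be) and the convention that DNSBL answers fall in 127.0.0.0/8. The function names, the zone "dnsbl.example" and the sample resolver are constructed for illustration; the wildcard answers are the ones quoted in the message above.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def system_lookup(name):
    """Return the A records for name via the system resolver, [] if none."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
        return sorted({info[4][0] for info in infos})
    except socket.gaierror:
        return []

def check_dnsbl_zone(zone, lookup=system_lookup):
    """Return a list of problems found with a configured DNSBL zone name."""
    problems = []
    listed = lookup("2.0.0.127." + zone)    # RFC 5782: must exist
    unlisted = lookup("1.0.0.127." + zone)  # RFC 5782: must not exist
    if not listed:
        problems.append("test entry 127.0.0.2 is not listed")
    if unlisted:
        problems.append("127.0.0.1 is listed: zone answers for everything")
    # A real DNSBL returns 127.0.0.0/8 codes, never routable addresses.
    for addr in sorted(set(listed + unlisted)):
        if ipaddress.ip_address(addr) not in LOOPBACK:
            problems.append("answer %s is outside 127.0.0.0/8" % addr)
    return problems

def sample_lookup(name):
    """Constructed offline resolver: one wildcard zone, one sane zone."""
    wildcard = ["64.20.49.210", "64.20.33.115", "64.20.33.131", "64.20.33.4"]
    if name.endswith(".spamhuas.org"):       # typo zone from the message
        return wildcard
    if name == "2.0.0.127.dnsbl.example":    # hypothetical well-behaved zone
        return ["127.0.0.2"]
    return []

if __name__ == "__main__":
    for zone in ("dnsbl.example", "spamhuas.org", "no-such-zone.example"):
        issues = check_dnsbl_zone(zone, sample_lookup)
        print(zone, "OK" if not issues else "REJECT: " + "; ".join(issues))
```

Run with the default system_lookup against each zone in the filter configuration before it goes live; any non-empty result means the zone should not be used for blocking.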