Re: blackhole.securitysage.com

From: Bill Cole (postfixlists-070913billmail.scconsult.com)
Date: Mon May 26 2008 - 13:53:29 CDT


At 11:27 AM -0700 5/26/08, Michael J Wise wrote:
>On May 26, 2008, at 11:09 AM, Bill Cole wrote:
>
>>At 10:41 AM -0700 5/26/08, Michael J Wise wrote:
>>>On May 26, 2008, at 8:24 AM, Zbigniew Szalbot wrote:
>>>
>>>>I am seeing more and more sites using this RBL but I have no idea
>>>>why/how I got into this blacklist. Many thanks!
>>>
>>>You're not on their blacklist.
>>>Their blacklist effectively no longer exists.
>>>And yet it does.
>>>Perhaps it has joined the ranks of the DNSBL UnDead....
>>>
>>>Looks like they moved their domain hosting to Network Solutions,
>>>which has a wildcard policy, and ...
>>>
>>> $ host 15.85.14.85.blackhole.securitysage.com
>>> 15.85.14.85.blackhole.securitysage.com has address 205.178.189.131
>>
>>Interesting. I get a NXDOMAIN. Both authoritative servers for
>>securitysage.com are giving NXDOMAIN responses for random hosts in
>>the zone.
>
>There were more details, but there was also an A record returned.
>Oh, and on some items, it helped to add a ".", as follows:
>
> $ host 15.85.14.85.blackhole.securitysage.com.
> 15.85.14.85.blackhole.securitysage.com has address 205.178.189.131
> Host 15.85.14.85.blackhole.securitysage.com.chn.comcast.net not found: 3(NXDOMAIN)
>
>>Are you using a broken resolver that tells you lies when it should
>>be giving you NXDOMAIN?
>
>Currently, I defer to Comcast in that regard.

So, yes.

You cannot trust Comcast to do your DNS resolution. They lie.

  dig @a.gtld-servers.net securitysage.com ns

; <<>> DiG 9.3.4 <<>> @a.gtld-servers.net securitysage.com ns
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23746
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;securitysage.com. IN NS

;; ANSWER SECTION:
securitysage.com. 172800 IN NS ns1.mydyndns.org.
securitysage.com. 172800 IN NS ns2.mydyndns.org.

;; Query time: 75 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Mon May 26 14:29:56 2008
;; MSG SIZE rcvd: 82

>>Since the zone *was* a RHSBL, ...
>
>Difficult for us to tell at this point in time, since all the main
>website says is, "Coming Soon".
>
> <http://blocklist.securitysage.com/>

1. There's no logical reason to expect a webserver using that hostname.
2. Honest DNS says that name does not resolve.

; <<>> DiG 9.3.4 <<>> @ns1.mydyndns.org blocklist.securitysage.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33005
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;blocklist.securitysage.com. IN A

;; AUTHORITY SECTION:
securitysage.com. 1800 IN SOA ns1.mydyndns.org. zone-admin.dyndns.com. 2007100509 10800 1800 604800 1800

;; Query time: 48 msec
;; SERVER: 63.208.196.92#53(63.208.196.92)
;; WHEN: Mon May 26 14:34:53 2008
;; MSG SIZE rcvd: 114

>>Not that it really matters at this point....
>
>Yeah, it's kinda moot since some people are using it as a DNSBL,
>based on the results of the OP.

A RHSBL is arguably a subclass of DNSBL.

The OP's error message actually supported the conjecture of the list
being used as a RHSBL, since it referenced a domain name and not an
IP address.

--
Bill Cole
billscconsult.com
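
Added example, not part of the original message or thread: a check a mail administrator could run before trusting a DNSBL zone through a given resolver. It assumes the RFC 5782 convention that real listings answer inside 127.0.0.0/8; the function names and the "example.invalid" zone are hypothetical.

```python
import ipaddress
import secrets
import socket

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 answer range


def dnsbl_name(ip, zone):
    """Reverse the IPv4 octets and append the zone, fully qualified."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    # Trailing dot stops the stub resolver appending a search domain.
    return ".".join(reversed(octets)) + "." + zone.rstrip(".") + "."


def classify(addresses):
    """Classify the A records that came back for one DNSBL query."""
    if not addresses:
        return "not-listed"  # NXDOMAIN or empty answer
    if all(ipaddress.ip_address(a) in LISTED_RANGE for a in addresses):
        return "listed"
    return "bogus"  # wildcard zone or a resolver rewriting NXDOMAIN


def system_lookup(name):
    """A records via the system resolver; empty list when the name fails."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def invents_answers(zone, lookup=system_lookup, probes=3):
    """True if random labels that should not exist under zone still resolve."""
    for _ in range(probes):
        probe = secrets.token_hex(12) + "." + zone.rstrip(".") + "."
        if lookup(probe):
            return True
    return False


if __name__ == "__main__":
    # Values from the thread: the query name and the non-127/8 answer.
    name = dnsbl_name("85.14.85.15", "blackhole.securitysage.com")
    print(name, classify(["205.178.189.131"]))
    # Constructed stand-in for a rewriting resolver, so the demo runs offline.
    print(invents_answers("example.invalid", lambda n: ["205.178.189.131"]))
```

A "bogus" result or a True from invents_answers() means the zone must not be used for rejections through that resolver, whichever of the two is at fault.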