Someone please help me make sense of this...

I administer a few Zimbra servers. A few days ago I was looking for a good, fast recursive DNS server as a resolver. A web search returned a company, DNS Advantage. They looked much like OpenDNS, so I decided to try them out. I added one of their nameservers (156.154.70.1) to my /etc/resolve.conf. Soon most of the inbound mail was getting bounced, stating the sender's mail server was listed on a blacklist. At first I thought nothing of it, thinking that it was real. Soon it came to my attention that it was affecting Yahoo, Google, MSN and many others; now I knew something was up.

The first dig is querying the server 156.154.70.1; it returns a record for the IP 209.85.198.232.

The second dig is querying the server 208.67.222.222; it returns NXDOMAIN and no IP, correctly I might add.

I have checked several other IPs and they all return IPs. I think this is a complex problem where the DNS server 156.154.70.1 returns a false address and the server at 74.54.82.156 returns a positive for almost any address queried...

If any of you network admins with more knowledge than I can explain this to me I would really appreciate it. For now I have removed the 156.154.70.1 as a resolver (/etc/resolve.conf) and things are back to normal.

See my dig results below...


Thanks,

Joe


[root@zimb zcs-5.0.11_GA_2695.RHEL5.20081117051306]# dig @156.154.70.1 232.198.85.209.dnsbl.sorbs.net a

; <<>> DiG 9.3.3rc2 <<>> @156.154.70.1 232.198.85.209.dnsbl.sorbs.net a
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43040
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;232.198.85.209.dnsbl.sorbs.net. IN A

;; ANSWER SECTION:
232.198.85.209.dnsbl.sorbs.net. 3600 IN A 74.54.82.156

;; Query time: 77 msec
;; SERVER: 156.154.70.1#53(156.154.70.1)
;; WHEN: Thu Dec 4 11:01:27 2008
;; MSG SIZE rcvd: 94

[root@zimb zcs-5.0.11_GA_2695.RHEL5.20081117051306]# dig @208.67.222.222 232.198.85.209.dnsbl.sorbs.net a

; <<>> DiG 9.3.3rc2 <<>> @208.67.222.222 232.198.85.209.dnsbl.sorbs.net a
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52226
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;232.198.85.209.dnsbl.sorbs.net. IN A

;; Query time: 21 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Thu Dec 4 11:01:50 2008
;; MSG SIZE rcvd: 48


joe@SmallUbu:~/Desktop$ dig @156.154.70.1 232.198.85.209.dnsbl.sorbs.net a

; <<>> DiG 9.4.2-P2 <<>> @156.154.70.1 232.198.85.209.dnsbl.sorbs.net a
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55186
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;232.198.85.209.dnsbl.sorbs.net. IN A

;; ANSWER SECTION:
232.198.85.209.dnsbl.sorbs.net. 3600 IN A 74.54.82.156

;; Query time: 175 msec
;; SERVER: 156.154.70.1#53(156.154.70.1)
;; WHEN: Thu Dec 4 10:47:40 2008
;; MSG SIZE rcvd: 94
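
An added example, not part of the original post: a check that classifies dig output for a DNSBL lookup, run here over the two answers shown above plus one constructed listing. It assumes the RFC 5782 convention that a DNSBL reports a listing as an A record inside 127.0.0.0/8; the function names and verdict labels are hypothetical.

```python
import ipaddress
import re

# Assumption: a real DNSBL listing is an A record in 127.0.0.0/8 (RFC 5782).
DNSBL_RANGE = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(dig_output, qname):
    """Return a verdict for one dig response to a DNSBL lookup of qname."""
    m = re.search(r"status:\s*(\w+)", dig_output)
    status = m.group(1) if m else "UNKNOWN"
    if status == "NXDOMAIN":
        return "not-listed"
    # Answer lines start with the name; the question line starts with ';'.
    pat = re.compile(
        r"^" + re.escape(qname) + r"\.\s+\d+\s+IN\s+A\s+(\S+)$", re.M)
    answers = [ipaddress.ip_address(a) for a in pat.findall(dig_output)]
    if status != "NOERROR" or not answers:
        return "indeterminate"
    if all(a in DNSBL_RANGE for a in answers):
        return "listed"
    # An address outside 127/8 is not a blacklist return code: the resolver
    # answered where NXDOMAIN was expected, so do not reject mail on it.
    return "rewritten"

QNAME = dnsbl_name("209.85.198.232", "dnsbl.sorbs.net")

# Trimmed from the dig output in the post (resolver 156.154.70.1).
FROM_156 = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43040
;; QUESTION SECTION:
;232.198.85.209.dnsbl.sorbs.net. IN A
;; ANSWER SECTION:
232.198.85.209.dnsbl.sorbs.net. 3600 IN A 74.54.82.156
"""
# Trimmed from the dig output in the post (resolver 208.67.222.222).
FROM_208 = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52226
;; QUESTION SECTION:
;232.198.85.209.dnsbl.sorbs.net. IN A
"""
# Constructed sample of what a genuine listing would look like.
CONSTRUCTED_LISTED = FROM_156.replace("74.54.82.156", "127.0.0.2")

if __name__ == "__main__":
    for label, out in (("156.154.70.1", FROM_156), ("208.67.222.222", FROM_208),
                       ("constructed", CONSTRUCTED_LISTED)):
        print(label, classify(out, QNAME))
```

A mail filter that treats every NOERROR answer as a listing rejects mail on the "rewritten" case, which is the bounce behaviour described in the post.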