what happens when you put a typo in a DNSBL server?

Steve Linford linford at spamhaus.org
Tue Jan 16 19:28:13 UTC 2007


On 16 Jan 2007, at 17:36, Wes Hardaker wrote:
> A number of ISPs use njabl.org as a DNS BL server.  However, starting
> jan 2 a new domain exists "njalb.org" which is serving A records for
> anything queried against it's DNS server.

This is a common problem affecting Spamhaus and others as well;  
domain squatters register every variation of our domains and place  
wildcard DNS on them. We get quite a few complaints from users that  
we're blocking them and when investigated we find some postmaster has  
fat-fingered an entry in his spam filter and instead of  
"spamhaus.org" has entered a domain squatter's variation, such as one  
of these:

;; Query: 1.2.3.4.spamhuas.org ,type = ANY , class = ANY
                        ^^
;; ANSWERS:
1.2.3.4.spamhuas.org	3600	IN	A	64.20.49.210
1.2.3.4.spamhuas.org	3600	IN	A	64.20.33.115
1.2.3.4.spamhuas.org	3600	IN	A	64.20.33.131
1.2.3.4.spamhuas.org	3600	IN	A	64.20.33.4

;; Query: 1.2.3.4.spamhauz.org ,type = ANY , class = ANY
                          ^
;; ANSWERS:
1.2.3.4.spamhauz.org	3600	IN	A	64.20.33.131
1.2.3.4.spamhauz.org	3600	IN	A	64.20.49.210
1.2.3.4.spamhauz.org	3600	IN	A	64.20.33.4
1.2.3.4.spamhauz.org	3600	IN	A	64.20.33.115

   Steve Linford
   The Spamhaus Project
   http://www.spamhaus.org






More information about the NANOG mailing list