what happens when you put a typo in a DNSBL server?

Wes Hardaker wjhns61 at hardakers.net
Tue Jan 16 21:19:40 UTC 2007

>>>>> "JL" == John Levine <johnl at iecc.com> writes:

>> Previous to this date a misconfigured ISP was just not being
>> protected by the BL.  Now, it's potentially dropping all mail from
>> anyone because of the typo.

JL> If only.  I am constantly amazed at the bozos who misconfigure their
JL> DNSBL lookups and don't notice.

Part of the problem is that the protocol is designed to overlay an
existing protocol without providing a valid positive response.  In
this case, lame ISP configures a typo and goes for ages without
noticing that it didn't help them at all because every query was
getting a NXDOMAIN back and they didn't check the traffic.  Had this
been a real protocol you would have gotten back a 404 like message
instead!  Shoe-horning DNS (or any protocol) into a solution works
well only if you don't make mistakes.  And we know that never happens.

In the end, you don't get error messages when you misconfigure a
DNSBL.  That's an architectural issue with how DNSBLs work in the
first place.

"In the bathtub of history the truth is harder to hold than the soap,
 and much more difficult to find."  -- Terry Pratchett

More information about the NANOG mailing list