On 6/2/09, SM sm@resistor.net wrote:
At 22:43 02-06-2009, Jeff Chan wrote:
This December 2007 paper "The Great DNS Wall of China" suggests that Chinese ISPs are (being forced to) distort DNS results for domains that contain certain strings:
David Funk posted a message about a stale configuration causing bogus responses. On the surface, that may explain the behavior. However, it does not explain the malformed packets. We could theorize that the incorrect results are due to some corruption (broken nameserver, etc.). Based on other rough tests I conducted, I don't think so.
The specific IPs being returned correspond exactly to the paper:
flickr.com.multi.surbl.org has address 202.106.1.2
flickr.com.multi.surbl.org has address 209.145.54.50
;; Got bad packet: bad label type
86 bytes
e7 f7 85 80 00 01 00 01 00 00 00 00 06 66 6c 69
63 6b 72 03 63 6f 6d 05 6d 75 6c 74 69 05 73 75
72 62 6c 03 6f 72 67 00 00 0f 00 01 06 66 6c 69
63 6b 72 03 63 6f 6d 05 6d 75 6c 74 69 05 73 75
72 62 6c 03 6f 72 67 00 00 0f 00 01 00 01 51 80
00 04 d8 ea b3 0d

twitter.com.multi.surbl.org has address 209.145.54.50
twitter.com.multi.surbl.org has address 216.234.179.13
twitter.com.multi.surbl.org has address 64.33.88.161

flickr.com.multi.surbl.org has address 4.36.66.178
flickr.com.multi.surbl.org has address 203.161.230.171
flickr.com.multi.surbl.org has address 202.181.7.85
Which suggests deliberate DNS distortion, as opposed to a misconfiguration.
rbldnsd version 0.996a should be fine.
Jeff C.
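
Added example, not part of the original message: a Python decoder for the 86-byte packet quoted above, flagging answers whose RDATA does not fit the record type. By this decoding the answer is type 15 (MX) with a 4-byte RDATA, so a strict parser reading the MX exchange name hits byte 0xb3 and reports a bad label type, and the four bytes read as 216.234.179.13, an address that also appears in the twitter.com output above. The function names are illustrative.

```python
import ipaddress
import struct

# The 86-byte packet quoted in the message above, copied from the page.
NAME = "06666c69636b7203636f6d056d756c746905737572626c036f726700"
PACKET = bytes.fromhex("e7f785800001000100000000" + NAME + "000f0001"
                       + NAME + "000f0001" + "00015180" + "0004" + "d8eab30d")

def read_name(msg, off):
    """Decode a DNS name at off; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        kind = n & 0xC0
        if kind == 0xC0:                      # compression pointer
            if off + 1 >= len(msg) or hops > 16:
                raise ValueError("bad compression pointer")
            end = off + 2 if end is None else end
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
        elif kind:                            # 0x40 / 0x80 are not valid labels
            raise ValueError(f"bad label type 0x{n:02x}")
        elif n == 0:                          # root label ends the name
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            if off + 1 + n > len(msg):
                raise ValueError("truncated label")
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n

def check_response(msg):
    """Return (owner, rtype, note) for MX answers whose RDATA is not valid MX data."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):                       # skip question: name + type + class
        off = read_name(msg, off)[1] + 4
    findings = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off, end = off + 10, off + 10 + rdlen
        if rtype == 15:                       # MX: 2-byte preference, then a name
            try:
                if read_name(msg, off + 2)[1] != end:
                    raise ValueError("MX RDATA length mismatch")
            except ValueError as exc:
                note = str(exc)
                if rdlen == 4:                # shaped like an A record instead
                    note += "; RDATA reads as IPv4 " + str(ipaddress.IPv4Address(msg[off:end]))
                findings.append((owner, rtype, note))
        off = end
    return findings
```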