Thanks, Raymond and Jeff.
Yes, it's weirdness in the dns, but it's not local to our site (we do run our own dns servers).
Here are two queries executed at the main nameservers at the University of Toronto:
$ dig +short @128.100.100.128 twitter.com.multi.surbl.org 4.36.66.178 $ dig +short @128.100.102.201 twitter.com.multi.surbl.org 202.106.1.2
And here's two executed at York University, also in Toronto:
$ dig +short @130.63.168.21 twitter.com.multi.surbl.org 216.234.179.13 $ dig +short @130.63.237.99 twitter.com.multi.surbl.org 203.161.230.171
Meanwhile, of our two nameservers, we've determined that only the one that our spam appliance was hitting had the bad result cached; the other was returing null for twitter. I've pointed our spam appliance at the clean one. Also, a neighbouring institution, who are likely not doing surbl lookups, gets clean results. It's safe to assume that one or more groups within York and U of T are doing surbl lookups.
I'm thinking this suggests that for a while earlier today (these answers are coming with ttl values up to 60000 sec) someone successfully injected some bogusness into surbl.org's resolutions. When I do dig +trace, I get correct results, so the wrongness is only in the cache.
I'd be pleased to do some more digs on these hosts if you'd like. I have *no* admin-level access to their nameservers, though.
Chip
(PS I still don't understand why I get a negative result when I type test.surbl.org into the lookup page.)
-----Original Message----- From: discuss-bounces@lists.surbl.org [mailto:discuss-bounces@lists.surbl.org] On Behalf Of Raymond Dijkxhoorn Sent: June 2, 2009 13:14 To: SURBL Discussion list Subject: Re: [SURBL-Discuss] Lookup web page not showing blacklisted urls?
Hi!
There are sites which return with IP addresses to dns
lookups, but which
report as "not blacklisted" when I submit them to the
lookup web page.
For example,
% dig +short twitter.com.multi.surbl.org 4.36.66.178 % dig +short test.surbl.org.multi.surbl.org 127.0.0.126
But when I enter twitter.com into
http://george.surbl.org/lookup.html,
it says "twitter.com is not blacklisted" in a green box. Same for test.surbl.org.
What am I missing?
If you get -anything- else back then 127.0.* as an answer to your request you seriously have to ask what your DNS provider is doing. Since there is nothing else in the zonefiles.
Bye, Raymond. _______________________________________________ Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss