[SURBL-Discuss] Lookup web page not showing blacklisted urls?

Chip Campbell chipc at uhnresearch.ca
Tue Jun 2 22:10:58 CEST 2009


Thanks, Raymond and Jeff.

Yes, it's weirdness in the dns, but it's not local to our site (we do
run our own dns servers). 

Here are two queries executed at the main nameservers at the University
of Toronto:

$ dig +short @128.100.100.128 twitter.com.multi.surbl.org
4.36.66.178
$ dig +short @128.100.102.201 twitter.com.multi.surbl.org
202.106.1.2

And here's two executed at York University, also in Toronto:

$ dig +short @130.63.168.21 twitter.com.multi.surbl.org
216.234.179.13
$ dig +short @130.63.237.99 twitter.com.multi.surbl.org
203.161.230.171

Meanwhile, of our two nameservers, we've determined that only the one
that our spam appliance was hitting had the bad result cached; the other
was returning null for twitter. I've pointed our spam appliance at the
clean one. Also, a neighbouring institution, who are likely not doing
surbl lookups, gets clean results. It's safe to assume that one or more
groups within York and U of T are doing surbl lookups.

I'm thinking this suggests that for a while earlier today (these answers
are coming with ttl values up to 60000 sec) someone successfully
injected some bogusness into surbl.org's resolutions. When I do dig
+trace, I get correct results, so the wrongness is only in the cache.

I'd be pleased to do some more digs on these hosts if you'd like. I have
*no* admin-level access to their nameservers, though.

Chip

(PS I still don't understand why I get a negative result when I type
test.surbl.org into the lookup page.)

> -----Original Message-----
> From: discuss-bounces at lists.surbl.org 
> [mailto:discuss-bounces at lists.surbl.org] On Behalf Of Raymond 
> Dijkxhoorn
> Sent: June 2, 2009 13:14
> To: SURBL Discussion list
> Subject: Re: [SURBL-Discuss] Lookup web page not showing 
> blacklisted urls?
> 
> Hi!
> 
> > There are sites which return with IP addresses to dns 
> lookups, but which
> > report as "not blacklisted" when I submit them to the 
> lookup web page.
> >
> > For example,
> >
> > % dig +short twitter.com.multi.surbl.org
> > 4.36.66.178
> > % dig +short test.surbl.org.multi.surbl.org
> > 127.0.0.126
> >
> > But when I enter twitter.com into 
> http://george.surbl.org/lookup.html,
> > it says "twitter.com is not blacklisted" in a green box. Same for
> > test.surbl.org.
> >
> > What am I missing?
> 
> If you get -anything- else back than 127.0.* as an answer to 
> your request 
> you seriously have to ask what your DNS provider is doing. 
> Since there is 
> nothing else in the zonefiles.
> 
> Bye,
> Raymond.
> 
> 
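Added example, not part of the original thread or SURBL's own code: a sanity check a lookup client could apply before trusting a SURBL answer, following Raymond's rule that the zone contains nothing but 127.0.* records. The function names and the `local-clean` label are hypothetical; the addresses in the sample are the ones quoted in the messages above.

```python
import ipaddress

# Assumption taken from Raymond's reply: genuine SURBL answers are always 127.0.*
SURBL_ANSWER_NET = ipaddress.ip_network("127.0.0.0/16")

def classify_answer(answers):
    """Classify the A records one resolver returned for a SURBL query.

    "not-listed": no records; "listed": every record is inside 127.0.*;
    "bogus": any record is outside 127.0.* or is not an IP address.
    """
    if not answers:
        return "not-listed"
    for text in answers:
        try:
            addr = ipaddress.ip_address(text.strip())
        except ValueError:
            return "bogus"
        if addr not in SURBL_ANSWER_NET:
            return "bogus"
    return "listed"

def audit_resolvers(observations):
    """Take {resolver: [answers]}; return (verdicts, suspects, consensus).

    Resolvers that gave bogus answers are reported as suspects and excluded
    from the consensus, so a poisoned cache cannot cause a "listed" verdict.
    """
    verdicts = {r: classify_answer(a) for r, a in observations.items()}
    suspects = sorted(r for r, v in verdicts.items() if v == "bogus")
    trusted = {v for v in verdicts.values() if v != "bogus"}
    if not trusted:
        consensus = "unknown"
    elif len(trusted) == 1:
        consensus = trusted.pop()
    else:
        consensus = "conflict"
    return verdicts, suspects, consensus

# Answers for twitter.com.multi.surbl.org as quoted in the thread, plus a
# constructed entry for the one local nameserver that returned nothing.
SAMPLE = {
    "128.100.100.128": ["4.36.66.178"],
    "128.100.102.201": ["202.106.1.2"],
    "130.63.168.21": ["216.234.179.13"],
    "130.63.237.99": ["203.161.230.171"],
    "local-clean": [],
}

if __name__ == "__main__":
    print(audit_resolvers(SAMPLE))
```
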