[SURBL-Discuss] Lookup web page not showing blacklisted urls?

SURBL Role surbl.role at gmail.com
Wed Jun 3 10:46:32 CEST 2009


On 6/2/09, SM <sm at resistor.net> wrote:
> At 22:43 02-06-2009, Jeff Chan wrote:
>  >This December 2007 paper "The Great DNS Wall of China" suggests that
>  >Chinese ISPs are (being forced to) distort DNS results for domains
>  >that contain certain strings:
>
>
> David Funk posted a message about a stale configuration causing bogus
>  responses.  On the surface, that may explain the behavior.  However,
>  it does not explain the malformed packets.  We could theorize that
>  the incorrect results are due to some corruption (broken nameserver,
>  etc.).  Based on other rough tests I conducted, I don't think so.


The specific IPs being returned correspond exactly to the paper:


flickr.com.multi.surbl.org has address 202.106.1.2
flickr.com.multi.surbl.org has address 209.145.54.50
;; Got bad packet: bad label type
86 bytes
e7 f7 85 80 00 01 00 01 00 00 00 00 06 66 6c 69
63 6b 72 03 63 6f 6d 05 6d 75 6c 74 69 05 73 75
72 62 6c 03 6f 72 67 00 00 0f 00 01 06 66 6c 69
63 6b 72 03 63 6f 6d 05 6d 75 6c 74 69 05 73 75
72 62 6c 03 6f 72 67 00 00 0f 00 01 00 01 51 80
00 04 d8 ea b3 0d

twitter.com.multi.surbl.org has address 209.145.54.50
twitter.com.multi.surbl.org has address 216.234.179.13
twitter.com.multi.surbl.org has address 64.33.88.161

flickr.com.multi.surbl.org has address 4.36.66.178
flickr.com.multi.surbl.org has address 203.161.230.171
flickr.com.multi.surbl.org has address 202.181.7.85


This suggests deliberate DNS distortion, as opposed to a misconfiguration.

rbldnsd version 0.996a should be fine.

Jeff C.
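
Added example, not part of the original message: a minimal Python decoder for the 86-byte hex dump quoted above, showing where a resolver's parser trips on it. The function names are this example's own, and it assumes the one-question, one-answer layout of that packet.

```python
import struct

# The 86-byte reply from the message above, exactly as dumped by host.
PACKET = bytes.fromhex("""
e7 f7 85 80 00 01 00 01 00 00 00 00 06 66 6c 69
63 6b 72 03 63 6f 6d 05 6d 75 6c 74 69 05 73 75
72 62 6c 03 6f 72 67 00 00 0f 00 01 06 66 6c 69
63 6b 72 03 63 6f 6d 05 6d 75 6c 74 69 05 73 75
72 62 6c 03 6f 72 67 00 00 0f 00 01 00 01 51 80
00 04 d8 ea b3 0d
""")

def read_name(buf, off):
    """Decode a DNS name at buf[off]; return (name, offset after it)."""
    labels = []
    while True:
        length = buf[off]
        if length & 0xC0 == 0xC0:            # compression pointer
            ptr = struct.unpack_from("!H", buf, off)[0] & 0x3FFF
            if ptr >= off:                   # backward pointers only: no loops
                raise ValueError(f"forward pointer at offset {off}")
            labels.append(read_name(buf, ptr)[0])
            return ".".join(labels), off + 2
        if length & 0xC0:                    # top bits 01 or 10: not a label
            raise ValueError(f"bad label type 0x{length:02x} at offset {off}")
        off += 1
        if length == 0:                      # root label ends the name
            return ".".join(labels), off
        labels.append(buf[off:off + length].decode("ascii"))
        off += length

def analyze(pkt):
    """Parse header, one question, one answer; check RDATA against its type."""
    flags, _qd, ancount = struct.unpack_from("!3H", pkt, 2)
    qname, off = read_name(pkt, 12)
    qtype = struct.unpack_from("!H", pkt, off)[0]
    _aname, off = read_name(pkt, off + 4)    # skip QTYPE and QCLASS
    atype, _aclass, ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
    rdata = pkt[off + 10:off + 10 + rdlen]
    out = {"flags": flags, "ancount": ancount, "qname": qname, "qtype": qtype,
           "atype": atype, "ttl": ttl, "rdlen": rdlen, "error": None,
           "rdata_as_ipv4": ".".join(map(str, rdata)) if rdlen == 4 else None}
    if atype == 15:                          # MX RDATA = preference(2) + name
        try:
            read_name(pkt, off + 12)         # exchange name follows preference
        except (ValueError, IndexError) as exc:
            out["error"] = str(exc)
    return out

print(analyze(PACKET))
```

The answer record is labelled type 15 (MX) but carries a 4-byte RDATA that reads as 216.234.179.13, one of the addresses listed above. Parsed as MX, the byte 0xb3 lands where a label length belongs, which is the "bad label type" error.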

