[dns-operations] OT: NXDOMAIN / public resolvers and zen.spamhaus.org

Lyle Giese lyle at lcrcomputer.net
Sun Mar 27 20:22:39 UTC 2011


On 03/27/11 11:58, Matthew Walker wrote:
> I recently noticed after switching my forwarders to public resolvers,
> that zen.spamhaus.org was returning NXDOMAIN.
>
> So, I began some basic testing, and it seems both GoogleDNS and Level3
> are returning NXDOMAIN when using a zen.spamhaus.org test domain.
> OpenDNS appears to be resolving zen.spamhaus.org without any issues.
>
> # google public dns
> $ host 107.178.203.192.zen.spamhaus.org 8.8.8.8
> Host 107.178.203.192.zen.spamhaus.org not found: 3(NXDOMAIN)
>
> $ host 107.178.203.192.zen.spamhaus.org 8.8.4.4
> Host 107.178.203.192.zen.spamhaus.org not found: 3(NXDOMAIN)
>
> # level3 dns
> $ host 107.178.203.192.zen.spamhaus.org 4.2.2.1
> Host 107.178.203.192.zen.spamhaus.org not found: 3(NXDOMAIN)
>
> # opendns
> $ host 107.178.203.192.zen.spamhaus.org 208.67.222.222
> 107.178.203.192.zen.spamhaus.org has address 127.0.0.2
>
> $ host 107.178.203.192.zen.spamhaus.org 208.67.220.220
> 107.178.203.192.zen.spamhaus.org has address 127.0.0.2
>
> So a word of warning if you do use public resolvers, that it might have
> unexpected results.
>
>

I have also seen it mentioned that using these public resolvers are not 
appropriate for use with mail servers as they may give out answers for 
non-existent domains.  They want to push requests for non-existent 
domains to a custom page for their ad or special search pages.

That behavior is not nice for mail servers.  That's ok for end users 
doing nothing more than web surfing.

Lyle Giese
LCR Computer Services, inc



More information about the dns-operations mailing list