[dns-operations] OT: NXDOMAIN / public resolvers and zen.spamhaus.org

Rod Rasmussen rod.rasmussen at internetidentity.com
Mon Mar 28 09:13:20 UTC 2011


This is the text on Spamhaus' site:

"Check what DNS resolvers you are using: If you are using a free "open DNS resolver" service such as Google Public DNS or Level3's public DNS servers to resolve your DNSBL requests, in most cases you will receive a "not listed" (NXDOMAIN) reply from Spamhaus' public DNSBL servers. Please use your own DNS servers when doing DNSBL queries to Spamhaus."

They don't "blame" public DNS resolvers, just tell you that you probably won't get a response. I'd say "quite dishonest" is overstating their omission of an explanation for why you won't get an answer from their DNSBL when you query it. It would be nice if they did clarify that, though, especially when tying that to their "DNSBL Usage Terms", which explain that they monitor for heavy use and block based on it.

Cheers,

Rod

On Mar 28, 2011, at 1:29 AM, Stephane Bortzmeyer wrote:

> On Mon, Mar 28, 2011 at 01:03:49AM -0700,
> Rod Rasmussen <rod.rasmussen at internetidentity.com> wrote 
> a message of 38 lines which said:
> 
>> Actually I think the issue is that Spamhaus purposely does not
>> provide resolution for major public open resolvers.  I can double
>> check with them, but I believe they don't want people (i.e. bad
>> guys) using those resolvers to walk their entire block list, and of
>> course, they have a business model to support, and for major e-mail
>> handlers, they have a fee structure.  If you're using a resolver
>> like Google's, then they can't tell who's really hitting their
>> servers for RBL requests and why.
> 
> That's a sensible explanation but, in that case, Spamhaus is quite
> dishonest to say in their documentation
> <http://www.spamhaus.org/faq/answers.lasso?section=DNSBL%20Usage#261> that it's the fault of the public DNS resolver.
> 
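
An added example, not part of either message in this thread: a check a mail administrator could run to see whether a host sends its DNSBL lookups through the public resolvers named in the quoted Spamhaus text, where "not listed" (NXDOMAIN) answers would make the blocklist check pass silently. The resolver address list, the sample `resolv.conf` text and all function names are assumptions made for this illustration.

```python
import ipaddress

# Assumed addresses (not from the thread) for the two services that the
# quoted Spamhaus FAQ text names.
PUBLIC_RESOLVERS = {
    "8.8.8.8": "Google Public DNS",
    "8.8.4.4": "Google Public DNS",
    **{f"4.2.2.{n}": "Level3 public DNS" for n in range(1, 7)},
}

# Constructed sample input; on a real host read /etc/resolv.conf instead.
SAMPLE = """\
# constructed sample
nameserver 8.8.8.8
nameserver 192.0.2.53
nameserver 4.2.2.2
search example.com
"""

def nameservers(resolv_conf_text):
    """Return the nameserver addresses from resolv.conf-style text, in order."""
    found = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                found.append(str(ipaddress.ip_address(fields[1])))
            except ValueError:
                continue  # malformed address, ignore the line
    return found

def flag_public(resolv_conf_text):
    """Map each configured public resolver address to its service name."""
    return {ip: PUBLIC_RESOLVERS[ip]
            for ip in nameservers(resolv_conf_text) if ip in PUBLIC_RESOLVERS}

def dnsbl_query_name(ipv4, zone="zen.spamhaus.org"):
    """Build the DNSBL lookup name: reversed octets plus zone (RFC 5782)."""
    octets = str(ipaddress.IPv4Address(ipv4)).split(".")
    return ".".join(reversed(octets)) + "." + zone

if __name__ == "__main__":
    for ip, service in flag_public(SAMPLE).items():
        print(f"DNSBL lookups may go via {service} ({ip})")
    # 127.0.0.2 is the RFC 5782 test entry an IPv4 DNSBL should list;
    # NXDOMAIN for this name means real lookups cannot be trusted either.
    print("test lookup:", dnsbl_query_name("127.0.0.2"))
```

Looking up the printed test name through the host's configured resolver shows whether answers are being withheld: a listed result means lookups work, NXDOMAIN means they do not.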



