[rbldnsd] Extracting 'hidden' TXT records
furio ercolessi
furio at spin.it
Sat Mar 13 18:24:57 MSK 2004
[ For the series 'weird questions' ]
I illustrate the point with an example taken from SBL.
61.143.182.145 is currently contained three times in SBL:
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL13628 for 61.143.182.145/32
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL14180 for 61.143.182.144/28
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12684 for 61.143.176.0/20
That is quite common: it is a hierarchy of escalations.
Now, a TXT query returns only the first two:
;; ANSWER SECTION:
145.182.143.61.sbl.spamhaus.org. 2H IN TXT "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL14180"
145.182.143.61.sbl.spamhaus.org. 2H IN TXT "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL13628"
This happens also for Bind nameservers, and it is perfectly understandable:
the /20 listing really is sixteen /24 listings, and a /24 listing is
overridden by a /32 listing.
Good. Now suppose that I want to build an application that tries to
return all listings relative to a given IP, possibly by performing
multiple queries. How to check explicitly for the presence of
a /24 (or larger) listing?
With Bind, it can be done:
% dig txt '*.182.143.61.sbl.spamhaus.org' @204.152.184.189
;; ANSWER SECTION:
*.182.143.61.sbl.spamhaus.org. 2H IN TXT "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12684"
but if I try to do the same with rbldnsd I get no answer. I tried
fooling it with '256.182.143.61.sbl.spamhaus.org' but rbldnsd is too
smart to be tricked, and still get no response.
The question is: is there any trick to extract this information
(presence of /24 listing when /32 listings are present) out of rbldnsd?
furio
More information about the rbldnsd
mailing list