Re: Can anyone help me? surbl.org FP problems?

[Matt Kettler <mk...@verizon.net>]

David Zinder wrote:
> What should dig return? I too have Verizon fios. If /etc/resolve.conf 
> contains their DNS servers I get similar dig results as you. If I 
> change it to DNS servers I trust I get:
>
> $  dig techweb.com.multi.surbl.org
>
> ; <<>> DiG 9.2.4 <<>> techweb.com.multi.surbl.org
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11053 
<snip>
>
>
>
> Is this a correct response from dig?
Yes, that's the correct result. You want NXDOMAIN (ie: not in the 
blacklist).
> If so, changing the DNS servers in /etc/resolve.conf does not fix my 
> problem. The techweb.com email is still reported on the blocklists. I 
> have also tried dig from two other email servers I control. They both 
> have different DNS servers in /etc/resolve.conf and different ISPs. 
> Both return similar dig results to what I pasted above and the 
> techweb.com email gets the same results.
You can also force dig to use a specific DNS server for the lookup. .you 
might want to check all the servers in your resolv.conf. Perhaps SA is 
using a different one than the command-line is picking:

ie:
dig @192.168.1.1 techweb.com.multi.surbl.org

will force it to use 192.168.1.1 as a DNS server (note the space between 
dig and @.. that's important)

You should see poisoned results from:

 dig @71.242.0.12 techweb.com.multi.surbl.org

And good results from:
 dig @71.242.0.14 techweb.com.multi.surbl.org