You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Andrew Daviel <ad...@triumf.ca> on 2014/06/10 21:33:59 UTC

FYI - ahbl.org and BIND DNS errors

Per http://ahbl.org/content/changes-ahbl, AHBL is going away (still used 
in spamassassin-3.3.1)

Meanwhile, AHBL is serving strange DNS responses, e.g.
(from wireshark)

   1   0.000000 142.90.100.186 -> 162.243.209.249 DNS 93 Standard query 0xc828  A zuz.rhsbl.ahbl.org
   2   0.072481 162.243.209.249 -> 142.90.100.186 DNS 246 Standard query response 0xc828
     Authoritative nameservers
         rhsbl.ahbl.org: type NS, class IN, ns invalid.ahbl.org
         rhsbl.ahbl.org: type NS, class IN, ns unresponsive.ahbl.org
         rhsbl.ahbl.org: type NS, class IN, ns unresponsive2.ahbl.org
             Name Server: unresponsive2.ahbl.org
     Additional records
         invalid.ahbl.org: type A, class IN, addr 244.254.254.254
             Addr: 244.254.254.254 (244.254.254.254)
         unresponsive.ahbl.org: type A, class IN, addr 10.230.230.230
             Addr: 10.230.230.230 (10.230.230.230)
         unresponsive2.ahbl.org: type A, class IN, addr 192.168.230.230
             Addr: 192.168.230.230 (192.168.230.230)
         invalid.ahbl.org: type AAAA, class IN, addr fe80::
             Addr: fe80::

This last one, fe80::, is an IPv6 scope-link address that causes the BIND 
nameserver to log a weird error
named[31365]: socket.c:4373: unexpected error:
named[31365]: 22/Invalid argument
Per http://www.mail-archive.com/bind-users@lists.isc.org/msg05240.html
connect() fails as it is missing scoping information.


-- 
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376  (Pacific Time)
Network Security Manager

Re: FYI - ahbl.org and BIND DNS errors

Posted by Dave Funk <db...@engineering.uiowa.edu>.

On Tue, 10 Jun 2014, Andrew Daviel wrote:

> Per http://ahbl.org/content/changes-ahbl, AHBL is going away (still used in 
> spamassassin-3.3.1)
>
> Meanwhile, AHBL is serving strange DNS responses, e.g.
> (from wireshark)
>
>  1   0.000000 142.90.100.186 -> 162.243.209.249 DNS 93 Standard query 0xc828 
> A zuz.rhsbl.ahbl.org
>  2   0.072481 162.243.209.249 -> 142.90.100.186 DNS 246 Standard query 
> response 0xc828
>    Authoritative nameservers
>        rhsbl.ahbl.org: type NS, class IN, ns invalid.ahbl.org
>        rhsbl.ahbl.org: type NS, class IN, ns unresponsive.ahbl.org
>        rhsbl.ahbl.org: type NS, class IN, ns unresponsive2.ahbl.org
>            Name Server: unresponsive2.ahbl.org
>    Additional records
>        invalid.ahbl.org: type A, class IN, addr 244.254.254.254
>            Addr: 244.254.254.254 (244.254.254.254)
>        unresponsive.ahbl.org: type A, class IN, addr 10.230.230.230
>            Addr: 10.230.230.230 (10.230.230.230)
>        unresponsive2.ahbl.org: type A, class IN, addr 192.168.230.230
>            Addr: 192.168.230.230 (192.168.230.230)
>        invalid.ahbl.org: type AAAA, class IN, addr fe80::
>            Addr: fe80::
>
> This last one, fe80::, is an IPv6 scope-link address that causes the BIND 
> nameserver to log a weird error
> named[31365]: socket.c:4373: unexpected error:
> named[31365]: 22/Invalid argument
> Per http://www.mail-archive.com/bind-users@lists.isc.org/msg05240.html
> connect() fails as it is missing scoping information.

Umm, with a name like "invalid.ahbl.org" what do you expect? That's 
truth in advertising. It's 'invalid', as a matter of fact all of those
addresses aren't usable, they're either RFC-1918 or multicast/local-scope.
So none of those are valid for remote queries.

Do NOT use rhsbl.ahbl.org. period. end of song.


-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

Re: FYI - ahbl.org and BIND DNS errors

Posted by Axb <ax...@gmail.com>.

On 06/10/2014 09:33 PM, Andrew Daviel wrote:
>
> Per http://ahbl.org/content/changes-ahbl, AHBL is going away (still used
> in spamassassin-3.3.1)
>
> Meanwhile, AHBL is serving strange DNS responses, e.g.
> (from wireshark)
>
>    1   0.000000 142.90.100.186 -> 162.243.209.249 DNS 93 Standard query
> 0xc828  A zuz.rhsbl.ahbl.org
>    2   0.072481 162.243.209.249 -> 142.90.100.186 DNS 246 Standard query
> response 0xc828
>      Authoritative nameservers
>          rhsbl.ahbl.org: type NS, class IN, ns invalid.ahbl.org
>          rhsbl.ahbl.org: type NS, class IN, ns unresponsive.ahbl.org
>          rhsbl.ahbl.org: type NS, class IN, ns unresponsive2.ahbl.org
>              Name Server: unresponsive2.ahbl.org
>      Additional records
>          invalid.ahbl.org: type A, class IN, addr 244.254.254.254
>              Addr: 244.254.254.254 (244.254.254.254)
>          unresponsive.ahbl.org: type A, class IN, addr 10.230.230.230
>              Addr: 10.230.230.230 (10.230.230.230)
>          unresponsive2.ahbl.org: type A, class IN, addr 192.168.230.230
>              Addr: 192.168.230.230 (192.168.230.230)
>          invalid.ahbl.org: type AAAA, class IN, addr fe80::
>              Addr: fe80::
>
> This last one, fe80::, is an IPv6 scope-link address that causes the
> BIND nameserver to log a weird error
> named[31365]: socket.c:4373: unexpected error:
> named[31365]: 22/Invalid argument
> Per http://www.mail-archive.com/bind-users@lists.isc.org/msg05240.html
> connect() fails as it is missing scoping information.

ahbl.org was removed from SA many moons ago...