Re: [clamav-users] Spam bounces from this list

[Dennis Peterson]

A simple process to do a name lookup on all the uribl.com authoritative 
name servers. Use dig to find the full list of round robin name servers. 
Dig output has tabs so I use expand to compress them to a single space 
for awk's sake. Awk isolates the A records and passes the IP to a while 
loop reads the IP and passes it to echo and dig. The +short argument 
produces a silent output unless there is a hit. Done.

dig ns multi.uribl.com | \
    expand --tabs=1 | \
    awk '/ A / {print $NF}' | \
    while read IP; \
    do echo $IP && \
    dig +short @$IP geneslinuxbox.net.multi.uribl.com; \
done
This is using the command line utils in CentOS 6.3 and there are 
certainly other simple ways. Other versions of these same tools may 
produce different results.

With that beat to death I think Gene's problems are currently cleared up.

dp


On 2/6/14, 2:26:20PM, Richard Conto wrote:
re: Dennis Peterson denni...@inetnw.com

"nslookup geneslinuxbox.net.multi.uribl.com" is only going to tell someone
where the first (of probably many) layered DNS servers are.  Ubuntu 12.04
(LTS) takes this to an extreme by running a cacheing name server on the
desktop.  i.e.:

Unfortunately, I'm not aware of a traceroute like equivalent for DNS that
will let me query intermediate caches without already knowing where the
intermediate caches are.  (I happen to know where most of my intermediate
caches are.)

"nslookup" on Ubuntu 12.04 (LTS) shows:

$ nslookup  geneslinuxbox.net.multi.uribl.com
Server: 127.0.0.1
Address: 127.0.0.1#53

** server can't find geneslinuxbox.net.multi.uribl.com: NXDOMAIN


(I happen to think Ubuntu's design here is brain damaged.)


I queried Google's public name servers at 8.8.4.4 and 8.8.8.8 and they're
returning the right value (NXDOMAIN), as are Comcast's at 75.75.76.76 and
75.75.75.75 .

The DNS servers listed for the domain OITC.COM are configured so that they
ignore me when I ask about things they're not authoritative for, which is
the right thing to do - but they might give you different answers.


--- Richard Conto



On Thu, Feb 6, 2014 at 4:51 PM, TR Shaw <ts...@oitc.com> wrote:

$ nslookup geneslinuxbox.net.multi.uribl.com
Server:         10.0.1.1
Address:        10.0.1.1#53

** server can't find geneslinuxbox.net.multi.uribl.com: NXDOMAIN

On Feb 6, 2014, at 4:48 PM, Dennis Peterson wrote:

I'm not part of your problem or your solution. I don't own the TTL of
the records of remote DNS servers (should be under 5 seconds, but ??).
However - your domain is no longer listed as of this post time, nor are
several others logged today. The vendor may have had problems - their home
page suggests they have numerous DNS issues. I think that is fairly normal
for black list providers.

There is nothing I can have done to affect your status with them. The
problem did not exist on Feb 03, as I have a post from you on that day.
Having once run the world's largest DNS farm for several years this problem
looks to me like a DNS server was brought up in the uribl farm but before
it had current tables, or a server in the farm that was misbehaving was
removed. Other problems may also present these symptoms (expired keys,
slaves out of sync...), but the general idea is the same. Stale server data
on at least one server in their farm.

Your problem did alert me to  a configuration issue here. My whitelist
information for the Clamav list server had old information in it which I
expect is related to the takeover of ClamAV by Sourcefire who was then
consumed by Cisco. That whitelist information was put in place 7 or more
years ago and until recently it wasn't a problem.

Perhaps your blackholing problem is an indication of more problems - we
can ask the members to repeat the nslookup of your domain to see if others
get the results I got below.

nslookup geneslinuxbox.net.multi.uribl.com should return address not
found. If it is 127.0.0.X then there is still an issue.

dp


On 2/6/14, 1:09 PM, Gene Heskett wrote:
On Thursday 06 February 2014 16:08:01 Dennis Peterson did opine:

Dennis, you seem to be using a very old cache of uribl, I have been
cleared
from that list for around 6 weeks now.  And whatever you have done, is
now
black holing my msgs to the list.

FYI - I had some bounces this week because Gene Heskett's URI in the
following quote is trapped by uribl.com:

nslookup geneslinuxbox.net.multi.uribl.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   geneslinuxbox.net.multi.uribl.com
Address: 127.0.0.2

This post is also a test for me to see if I've whitelisted the list
server.

Cheers, Gene

--

"There are four boxes to be used in defense of liberty:
  soap, ballot, jury, and ammo. Please use in that order."

-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml


Cheers, Gene


_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml


_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml