On Wed, 7 Feb 2024, Atro Tossavainen via mailop wrote:
Otherwise you need to stop using Spamhaus -- even if you sign-up,
perhaps because of the query volume, you still must query them
directly not via a public resolver.
This is not true.
One of the main points of DQS is that the DNS service you use no
longer matters. They don't need to block the server - if you misused
the DQS (whatever the definition of misuse might be), they can simply
block *you* from accessing the data, not *all users of the same DNS
infrastructure*.
... but that does mean trusting 8.8.8.8 with your private secret.
[atossava@x ~]$ nslookup
server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53
2.0.0.127.zen.spamhaus.org
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can't find 2.0.0.127.zen.spamhaus.org: NXDOMAIN
2.0.0.127.[DQS zone].zen.dq.spamhaus.net
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: 2.0.0.127.[DQS zone].zen.dq.spamhaus.net
Address: 127.0.0.2
Name: 2.0.0.127.[DQS zone].zen.dq.spamhaus.net
Address: 127.0.0.10
Name: 2.0.0.127.[DQS zone].zen.dq.spamhaus.net
Address: 127.0.0.4
--
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, https://www.koliloks.eu/
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop