There were some reports on the SpamAssassin-talk mailing list today,
that all queries to the now-defunct orbs.dorkslayers.com DNSBL
zone are now returning a true result.
Thomas Mechtersheimer pointed out the culprit: it turns out that
b.gtld-servers.net, one of the top-level DNS global TLD servers (
run by Verisign, as far as I can see), is returning 65.246.50.11
for every query for a name that does not exist under the .com and .net
zones. That includes second-level names, and anything under a
nonexistent second-level name.
Take a look. a.gtld-servers.net is returning the correct
NXDOMAIN results, b.gtld-servers.net is blissfully sending
all this traffic to some poor UUnet dialup ;)