Skip to content

Archives

GTLD Nameserver has corrupt data – again

There were some reports on the SpamAssassin-talk mailing list today, that all queries to the now-defunct orbs.dorkslayers.com DNSBL zone are now returning a true result.

Thomas Mechtersheimer pointed out the culprit: it turns out that b.gtld-servers.net, one of the top-level DNS global TLD servers ( run by Verisign, as far as I can see), is returning 65.246.50.11 for every query for a name that does not exist under the .com and .net zones. That includes second-level names, and anything under a nonexistent second-level name.

Take a look. a.gtld-servers.net is returning the correct NXDOMAIN results, b.gtld-servers.net is blissfully sending all this traffic to some poor UUnet dialup ;)

dig 242.110.40.68.orbs.dorkslayers.com. @a.gtld-servers.net.
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27661
dig 242.110.40.68.orbs.dorkslayers.com. @b.gtld-servers.net.
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52998
242.110.40.68.orbs.dorkslayers.com. 15 IN A     65.246.50.11
dig 4905893958xc98gdf9g8945.com @a.gtld-servers.net.
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9454
dig 4905893958xc98gdf9g8945.com @b.gtld-servers.net.
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42344
4905893958xc98gdf9g8945.com. 15 IN      A       65.246.50.11

Update: It's been fixed, as of about 1200 PDT.