There were some reports on the SpamAssassin-talk mailing list today that all queries to the now-defunct orbs.dorkslayers.com DNSBL zone are now returning a true result.

Thomas Mechtersheimer pointed out the culprit: it turns out that b.gtld-servers.net, one of the top-level DNS global TLD servers (run by Verisign, as far as I can see), is returning 65.246.50.11 for every query for a name that does not exist under the .com and .net zones. That includes second-level names, and anything under a nonexistent second-level name.

Take a look. a.gtld-servers.net is returning the correct NXDOMAIN results, b.gtld-servers.net is blissfully sending all this traffic to some poor UUnet dialup ;)

dig 242.110.40.68.orbs.dorkslayers.com. @a.gtld-servers.net.
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27661

dig 242.110.40.68.orbs.dorkslayers.com. @b.gtld-servers.net.
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52998
242.110.40.68.orbs.dorkslayers.com. 15 IN A 65.246.50.11

dig 4905893958xc98gdf9g8945.com @a.gtld-servers.net.
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9454

dig 4905893958xc98gdf9g8945.com @b.gtld-servers.net.
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42344
4905893958xc98gdf9g8945.com. 15 IN A 65.246.50.11

Update: It's been fixed, as of about 1200 PDT.
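
A DNSBL client can protect itself against this failure mode by refusing to treat "the name resolved" as "the address is listed". The following is an added example, not code from the original post or from SpamAssassin: the function names and the injectable `resolve` callback are hypothetical, the fake resolvers are constructed, and it assumes the usual convention that DNSBL answers fall inside 127.0.0.0/8.

```python
import ipaddress
import secrets
import socket

# Assumption: genuine DNSBL listings answer with an address in 127.0.0.0/8.
DNSBL_ANSWERS = ipaddress.ip_network("127.0.0.0/8")

def system_resolve(name):
    """Return the A record for name, or None when it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def dnsbl_query_name(ip, zone):
    """68.40.110.242 + orbs.dorkslayers.com -> 242.110.40.68.orbs.dorkslayers.com"""
    return ".".join(reversed(ip.split("."))) + "." + zone

def zone_is_wildcarded(zone, resolve=system_resolve):
    """A random label cannot be a real listing, so any answer means a wildcard."""
    canary = "canary-" + secrets.token_hex(8) + "." + zone
    return resolve(canary) is not None

def dnsbl_listed(ip, zone, resolve=system_resolve):
    """True only when the zone gives a trustworthy listing for ip."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return False                      # NXDOMAIN: not listed
    if ipaddress.ip_address(answer) not in DNSBL_ANSWERS:
        return False                      # e.g. 65.246.50.11: not a DNSBL answer
    return not zone_is_wildcarded(zone, resolve)

# Constructed resolvers standing in for the behaviours described above.
def broken_tld_resolver(name):
    return "65.246.50.11"                 # every nonexistent name "exists"

def healthy_resolver(name):
    return None                           # defunct zone correctly gives NXDOMAIN

def wildcard_listing_resolver(name):
    return "127.0.0.2"                    # dead zone that lists everything

def live_dnsbl_resolver(name):            # dnsbl.example is a placeholder zone
    return "127.0.0.2" if name == "242.110.40.68.dnsbl.example" else None
```

The canary lookup costs one extra query per zone, so cache its result for a short interval rather than repeating it for every message.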