Re: [dnswl-users] 127.0.10.3?

["Brad Jorsch" <programmer@xxxxxxxxxxxxxxx>]

On Nov 28 2011, Bernd H. Steiner wrote:

> On 28.11.2011 17:15, Brad Jorsch wrote:
>
> >    Lately weve been getting responses of 127.0.10.3 to a significant
> >    fraction of our queries, even to IP addresses that the website 
> > lookup
> >    says are unlisted. Sometimes the TXT RR points to
> >    https://subscription.dnswl.org/. But it doesnt seem like it can 
> > be us
> >    making too many queries, I just checked our SMTP logs and we 
> > havent
> >    come anywhere near 100000 SMTP connections in the past *month*. 
> > Our
> >    maximum number of connections in one day was only 1298, on 
> > October 22.
>
> But it seems like the problem described in
> http://www.dnswl.org/news/archives/24-Abusive-use-of-dnswl.org-infrastructure-enforcing-limits.html
>
> Which DNS do you use?

That explains it. Now that I look, I see a year ago our hosting provider 
was having issues with their DNS servers and their solution was "use 
Google's public DNS". And apparently they *still* haven't fixed it. Ugh.

I see dnsmasq has an option to send queries for specific domains (e.g. 
list.dnswl.org) to certain IP addresses rather than the default 
nameservers, but I don't know whether I can convince that to work 
without listing out the IPs of dnswl's nameservers in the config file. I 
don't really have time to set up and maintain a full-fledged resolving 
nameserver locally, nor is it likely I'll be able to convince management 
to pay for a subscription. Does anyone have any other ideas?