On 14/11/2021 20:02, Simon Arlott via mailop wrote:

On 12/11/2021 18:56, Slavko via mailop wrote:

I am using the bl.0spam.org and nbl.0spam.org RBLs in my custom RBL check
script, but for several days their DNS server has been returning SERVFAIL.

Please, are these RBLs gone, or is it only a mistake in their configuration?

The DNSSEC RRSIG for the SOA RR is out of date, so all NXDOMAIN (not
found) responses will fail to validate:
https://dnsviz.net/d/1.0.0.127.bl.0spam.org/dnssec/

In this case, the signature is for the SOA with serial 2021110401 but
the current SOA serial is 2021110501:
https://gist.github.com/nomis/239c16f5f2321600e9397933b193d955

You can request data even if it doesn't validate by using
"dig +dnssec +cd":

0spam.org.        56 IN SOA ns1.0spam.org. sa.0spam.org. (
2021110501 ; serial
10800      ; refresh (3 hours)
3600       ; retry (1 hour)
1209600    ; expire (2 weeks)
3600       ; minimum (1 hour)
)
0spam.org.        56 IN RRSIG SOA 8 2 10800 (
20211219192545 20211104182545 53779 0spam.org.
rSfVa/1fDI+075D0UmXxiJJ2o8OJ37cszPhrtuvADk0e
OtNtfVH4q+vTP2mIVZKq3/DeE7aDFSiQNrL4rSoeubvq
+CmD6ACJ+vBW1hvw2teQgtTAV7CmIZgRbA+AJeHNOb9J
32U0hBWUs+s7hWyfjy7GLd3qLe13xBYajJeKLrw= )

0spam.org.        3566 IN    DNSKEY 256 3 8 (
AwEAAa4Y6IcV8Aa47O2aJAciBJ+ys9r+ycnpR5nhWWOC
DHCXuLAUQZFWf9LbbNs1z2YrYuvpMhY424AK9nqkbBZl
9mTd+2suXd4PpKSK4AJ4YdA+WkOVF4O2zvQUzseYjAQh
fMaSlT7BwmVE1myRAn+x9gysJ+mBsHTiBvGxDgMAGnhf
) ; ZSK; alg = RSASHA256 ; key id = 53779

https://zonecheck.org/result/99fbf54020a2b9a9

Seems they have an issue or 2 with dnssec

--
Regards,
Noel Butler

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
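
The mismatch described in the thread (an SOA whose serial is newer than the RRSIG covering it) can be flagged from saved `dig +dnssec +cd` output. The following is an added example, not code from any of the participants: the function names are hypothetical, the serial check is a heuristic that assumes the YYYYMMDDnn serial convention, and it does not verify the signature cryptographically.

```python
import re
from datetime import datetime, timezone

# Constructed sample: SOA and RRSIG as quoted in the message above, with the
# base64 signature replaced by a placeholder (it is not verified here).
SAMPLE = """\
0spam.org.  56 IN SOA ns1.0spam.org. sa.0spam.org. (
        2021110501 ; serial
        10800      ; refresh (3 hours)
        3600       ; retry (1 hour)
        1209600    ; expire (2 weeks)
        3600       ; minimum (1 hour)
        )
0spam.org.  56 IN RRSIG SOA 8 2 10800 (
        20211219192545 20211104182545 53779 0spam.org.
        PLACEHOLDER+SIGNATURE= )
"""

def _ts(s):
    # RRSIG times are presented as YYYYMMDDHHmmSS in UTC (RFC 4034).
    return datetime.strptime(s, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_soa_rrsig(text):
    """Return (serial, inception, expiration, key_tag) from dig output."""
    # Strip ';' comments and parentheses so multi-line records become flat.
    flat = re.sub(r"[()]", " ", re.sub(r";[^\n]*", "", text))
    soa = re.search(r"\bIN\s+SOA\s+\S+\s+\S+\s+(\d+)", flat)
    sig = re.search(r"\bIN\s+RRSIG\s+SOA\s+\d+\s+\d+\s+\d+\s+"
                    r"(\d{14})\s+(\d{14})\s+(\d+)", flat)
    if not (soa and sig):
        raise ValueError("need both an SOA and an RRSIG SOA record")
    return int(soa.group(1)), _ts(sig.group(2)), _ts(sig.group(1)), int(sig.group(3))

def soa_signature_findings(text, now):
    """Return a list of finding codes; an empty list means nothing suspicious."""
    serial, inception, expiration, _tag = parse_soa_rrsig(text)
    findings = []
    if not inception <= now <= expiration:
        findings.append("outside-validity-window")
    # Heuristic (assumption): the serial uses the YYYYMMDDnn convention.
    m = re.fullmatch(r"(\d{8})\d{2}", str(serial))
    if m:
        try:
            serial_day = datetime.strptime(m.group(1), "%Y%m%d").date()
        except ValueError:
            serial_day = None  # not a date-based serial after all
        if serial_day and serial_day > inception.date():
            findings.append("serial-newer-than-signature")
    return findings
```

For the records quoted in the thread, evaluated at the time of the reply, the validity window is still open and only the serial finding is raised, which is why a plain expiry monitor would not have caught this failure.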
