opm.blitzed.org

Kevin Darcy kcd at chrysler.com
Fri Jul 11 21:03:31 UTC 2008


Obviously they don't want to be queried any more.

Remove or disable whatever software is generating those lookups.

                                                                         
- Kevin

Jorge Polinotto wrote:
> Hi all!
>
> I've looking this query in our nameservers:
>
> 11-Jul-2008 16:14:13.515 queries: info: client A.B.C.D#58730: query:
> 144.5.70.200.opm.blitzed.org IN A +E
> 11-Jul-2008 16:14:13.516 queries: info: client A.B.C.D#54230: query:
> 120.206.142.68.opm.blitzed.org IN A +E
>
> I read that this DNSBL is shut down. But... what's going on?
>
> ----------------------------------------------------
> $ dig 144.5.70.200.opm.blitzed.org A +trace
>
> ; <<>> DiG 9.4.2-P1 <<>> 144.5.70.200.opm.blitzed.org A +trace
> ;; global options:  printcmd
>
> ...
> ...
>
> opm.blitzed.org.        86400   IN      NS      opm-is-no-more.blitzed.org.
> ;; Received 91 bytes from 84.234.24.90#53(sou.nameserver.net) in 225 ms
>
> 200.opm.blitzed.org.    604800  IN      NS     
> please.do.not.query.opm.blitzed.org.
> ;; Received 96 bytes from 78.47.198.182#53(opm-is-no-more.blitzed.org) in
> 245 ms
>
> ;; connection timed out; no servers could be reached
>
> ------------------------------------------------------
> $ dig please.do.not.query.opm.blitzed.org A
>
> ; <<>> DiG 9.4.2-P1 <<>> please.do.not.query.opm.blitzed.org A
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50084
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;please.do.not.query.opm.blitzed.org. IN        A
>
> ;; ANSWER SECTION:
> please.do.not.query.opm.blitzed.org. 580965 IN A 192.0.2.1
> ----------------------------------------------------------
> So the nameservers are trying to reach to 192.0.2.1
>
> >From RFC 3330:
>
> 192.0.2.0/24 - This block is assigned as "TEST-NET" for use in
> documentation and example code.  It is often used in conjunction with
> domain names example.com or example.net in vendor and protocol
> documentation. Addresses within this block should not appear on the public
> Internet.
>
> Do I have to modify my named.conf? Can we do anything to change this type
> of RR's? What did you do with these type of problems?
>
> Thanks in advance.
>
>
> Jorge Polinotto
> Centro de Comunicación Científica
> Universidad de Buenos Aires
>
>
>
>
>   



More information about the bind-users mailing list