The Osirusoft DNSBL is quite broken.

[Bill Cole]

This theme has appeared in multiple threads in NANABl and NANAE
recently, but I think it needs to be stated clearly: the DNSBL operation
run under relays.osirusoft.com is presently in a state of extreme
dysfunction and should not be used by anyone seeking a current or
consistent DNSBL. Because of how the zone is structured, with all
'sub-zones' in fact consisting of just names with embedded dots under
relays.osirusoft.com, ALL the DNSBL's aggregated under
relays.osirusoft.com are effectively out of service at this time.

The raw data from an attempt to snapshot the condition of
relays.osirusoft.com's nameservice is below. I have run essentially the
same scan repeatedly over the past hour and found no changes in
responsiveness or what is returned. The key points are:

1. 3 of the 4 authorities for osirusoft.com (the parent domain) are
completely unresponsive to DNS queries.

2. 6 of the 9 authorities for relays.osirusoft.com are unable to answer
a query for the SOA record for the zone at all.

3. Of the 3 responsive authoritative nameservers, one is serving what
appears to be 10-day-old data and the other 2 appear to be serving
5-day-old data. The one with the stalest data also is the sole
responding authority for the parent zone.

In addition, there have been multiple reports in both NANABl and NANAE
of stale, inconsistent, and unreasonable responses for queries to the
'inputs' (open relays) and 'spews' (SPEWS-listed) pieces of the DNSBL,
which are effectively the only two pieces that can be readily checked
against other sources. It is also disturbing that for the past 2 weeks I
have been receiving private reports of the 'inputs' slice ceasing to
catch much spam at all but showing a sharp spike in rejection of
non-spam from machines which are not open relays.

Users of the Osirusoft DNSBL's currently will see unpredictable resuls,
with queries either failing or being predominantly very slow, with those
results that are received being based on either old or very old data
sets. If you are a user of these DNSBL's and are not seeking results of
that sort, you should stop using any part of relays.osirusoft.com until
it is again functional.

The 'dig' output supporting this follows.

$ dig @a.gtld-servers.net osirusoft.com NS

; <<>> DiG 8.3 <<>> @a.gtld-servers.net osirusoft.com NS
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; QUERY SECTION:
;; osirusoft.com, type = NS, class = IN

;; ANSWER SECTION:
osirusoft.com. 2D IN NS ns4.osirusoft.com.
osirusoft.com. 2D IN NS ns1.osirusoft.com.
osirusoft.com. 2D IN NS ns3.osirusoft.com.
osirusoft.com. 2D IN NS ns2.osirusoft.com.

;; ADDITIONAL SECTION:
ns4.osirusoft.com. 2D IN A 66.33.98.17
ns1.osirusoft.com. 2D IN A 168.103.21.153
ns3.osirusoft.com. 2D IN A 168.103.21.154
ns2.osirusoft.com. 2D IN A 216.168.20.77

;; Total query time: 5114 msec
;; FROM: toaster to SERVER: a.gtld-servers.net 192.5.6.30
;; WHEN: Wed Aug 20 12:23:05 2003
;; MSG SIZE sent: 31 rcvd: 167

$ for i in 1 2 3 4; do dig @ns${i}.osirusoft.com relays.osirusoft.com
ns; done |grep " IN A " |awk '{print $5}'|> while read ns
> do
> echo $ns
> dig @${ns} relays.osirusoft.com soa
> echo
> done
;; res_nsend to server ns1.osirusoft.com 168.103.21.153: Operation
timed out
;; res_nsend to server ns2.osirusoft.com 216.168.20.77: Operation timed
out
;; res_nsend to server ns3.osirusoft.com 168.103.21.154: Operation
timed out
217.138.2.3

; <<>> DiG 8.3 <<>> @217.138.2.3 relays.osirusoft.com soa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; relays.osirusoft.com, type = SOA, class = IN

;; Total query time: 5164 msec
;; FROM: toaster to SERVER: 217.138.2.3 217.138.2.3
;; WHEN: Wed Aug 20 12:23:12 2003
;; MSG SIZE sent: 38 rcvd: 38

168.103.21.153

; <<>> DiG 8.3 <<>> @168.103.21.153 relays.osirusoft.com soa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server 168.103.21.153 168.103.21.153: Operation timed
out

195.86.134.127

; <<>> DiG 8.3 <<>> @195.86.134.127 relays.osirusoft.com soa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server 195.86.134.127 195.86.134.127: Operation timed
out

195.154.210.134

; <<>> DiG 8.3 <<>> @195.154.210.134 relays.osirusoft.com soa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server 195.154.210.134 195.154.210.134: Operation timed
out

203.16.167.1

; <<>> DiG 8.3 <<>> @203.16.167.1 relays.osirusoft.com soa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 9
;; QUERY SECTION:
;; relays.osirusoft.com, type = SOA, class = IN

;; ANSWER SECTION:
relays.osirusoft.com. 11h28m IN SOA ns1-relays.osirusoft.com.
joejared.relays.osirusoft.com. (
2003081501 ; serial
1H ; refresh
15M ; retry
2W ; expiry
12H ) ; minimum

;; AUTHORITY SECTION:
relays.osirusoft.com. 9h58m14s IN NS ns1-relays.osirusoft.com.
relays.osirusoft.com. 9h58m14s IN NS ns2-relays.osirusoft.com.

;; ADDITIONAL SECTION:
ns1-relays.osirusoft.com. 9h44m48s IN A 203.16.167.1
ns1-relays.osirusoft.com. 9h44m48s IN A 217.138.2.3
ns1-relays.osirusoft.com. 9h44m48s IN A 168.103.21.153
ns1-relays.osirusoft.com. 9h44m48s IN A 195.86.134.127
ns1-relays.osirusoft.com. 9h44m48s IN A 195.154.210.134
ns2-relays.osirusoft.com. 9h45m33s IN A 168.103.238.115
ns2-relays.osirusoft.com. 9h45m33s IN A 194.109.6.142
ns2-relays.osirusoft.com. 9h45m33s IN A 207.171.128.15
ns2-relays.osirusoft.com. 9h45m33s IN A 66.33.98.17

;; Total query time: 320 msec
;; FROM: toaster to SERVER: 203.16.167.1 203.16.167.1
;; WHEN: Wed Aug 20 12:23:42 2003
;; MSG SIZE sent: 38 rcvd: 277

66.33.98.17

; <<>> DiG 8.3 <<>> @66.33.98.17 relays.osirusoft.com soa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 9
;; QUERY SECTION:
;; relays.osirusoft.com, type = SOA, class = IN

;; ANSWER SECTION:
relays.osirusoft.com. 12H IN SOA ns1-relays.osirusoft.com.
joejared.relays.osirusoft.com. (
2003081003 ; serial
1H ; refresh
15M ; retry
2W ; expiry
12H ) ; minimum

;; AUTHORITY SECTION:
relays.osirusoft.com. 12H IN NS ns1-relays.osirusoft.com.
relays.osirusoft.com. 12H IN NS ns2-relays.osirusoft.com.

;; ADDITIONAL SECTION:
ns1-relays.osirusoft.com. 1D IN A 168.103.21.153
ns1-relays.osirusoft.com. 1D IN A 195.86.134.127
ns1-relays.osirusoft.com. 1D IN A 195.154.210.134
ns1-relays.osirusoft.com. 1D IN A 203.16.167.1
ns1-relays.osirusoft.com. 1D IN A 217.138.2.3
ns2-relays.osirusoft.com. 1D IN A 194.109.6.142
ns2-relays.osirusoft.com. 1D IN A 207.171.128.15
ns2-relays.osirusoft.com. 1D IN A 66.33.98.17
ns2-relays.osirusoft.com. 1D IN A 168.103.238.115

;; Total query time: 151 msec
;; FROM: toaster to SERVER: 66.33.98.17 66.33.98.17
;; WHEN: Wed Aug 20 12:23:43 2003
;; MSG SIZE sent: 38 rcvd: 277

168.103.238.115

; <<>> DiG 8.3 <<>> @168.103.238.115 relays.osirusoft.com soa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server 168.103.238.115 168.103.238.115: Operation timed
out

194.109.6.142

; <<>> DiG 8.3 <<>> @194.109.6.142 relays.osirusoft.com soa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUERY SECTION:
;; relays.osirusoft.com, type = SOA, class = IN

;; ANSWER SECTION:
relays.osirusoft.com. 12H IN SOA ns1-relays.osirusoft.com.
joejared.relays.osirusoft.com. (
2003081501 ; serial
1H ; refresh
15M ; retry
2W ; expiry
12H ) ; minimum

;; AUTHORITY SECTION:
relays.osirusoft.com. 12H IN NS ns1-relays.osirusoft.com.
relays.osirusoft.com. 12H IN NS ns2-relays.osirusoft.com.

;; Total query time: 169 msec
;; FROM: toaster to SERVER: 194.109.6.142 194.109.6.142
;; WHEN: Wed Aug 20 12:23:53 2003
;; MSG SIZE sent: 38 rcvd: 133

207.171.128.15

; <<>> DiG 8.3 <<>> @207.171.128.15 relays.osirusoft.com soa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server 207.171.128.15 207.171.128.15: Operation timed
out

--
Clues for the blacklisted: <http://www.scconsult.com/bill/dnsblhelp.html>

Current Peeve: People who try to crack my machines and then have the
chutzpah to complain to me about being shunned