On 5/11/24 16:04, Mark Milhollan via mailop wrote:
On Mon, 4 Nov 2024, Andy Smith wrote:
Just now my NS queries for the lists used in SpamAssassin:
sa-trusted.bondedsender.org
sa-accredit.habeas.com
bl.score.senderscore.com
are all returning SERVFAIL so I can't tell if they even have any
nameservers on IPv6. Obviously if all their nameservers are on IPv4
then they are never going to see queries from IPv6 resolvers and it
may be of questionable value collecting those IPv6 addresses, but even
then it seems a bit short sighted.
It seems they don't like you asking for the NS of those domains directly
but they will provide it if you ask for an A or TXT of a child. And
indeed they do not seem to support queries via IPv6 -- the queries for a
test address all succeed when made via IPv4 but all fail when made via
IPv6 (e.g., using -4 vs -6 with dig +trace 2.0.0.127.$dnsbl) so it does
make some sense that you cannot register to query them that way. Alas
lots of companies are short-sighted, or very slow to evolve.
I stand corrected on my earlier response, but...
There's no authoritative record for the zone. if you do a trace:
sa-trusted.bondedsender.org. 600 IN NS nsw00.rpdns.net.
;; Received 85 bytes from
2600:9000:5306:5a00::1#53(ns-1626.awsdns-11.co.uk) in 108 ms
;; expected opt record in response
;; Received 45 bytes from 34.233.151.63#53(nsw00.rpdns.net) in 210 ms
Lookups work because ns-1626.awsdns-11.co.uk returns the correct glue,
but there should be an NS record in the sa-trusted.bondedsender.org.
zone file and there is not, so no authoritative response.
A bit of further checking, nsw00.rpdns.net does not have an AAAA record
so there is no chance of any IPv6 queries going to that server, and
therefore everything will be requested in IPv4 anyways.
Note: bl.score.senderscore.com has a NS of nsb00.rpdns.net but
everything else is the same here.
Peter
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
