Fwd: [spamtools] Decommissioning a DNS anti-spam list

hermit921 hermit921 at YAHOO.COM
Fri Mar 19 21:34:38 GMT 2004


For people who don't follow the spamtools list, a posting (with some lines
deleted for brevity) from the former InfiniteMonkeys owner:


>[deleted] As some of you may know, up until last September, I ran a couple of
>DNS-based anti-spam lists.  As some of you may also know, I ceased
>doing that back in September, because I was DDoS'd by what I can only
>assume must have been spammers.
>
>Anyway, I posted (in various places) an announcement back in September
>that I was shutting down my lists, and I posted a final ``end of life''
>announcement for the lists also about a month and a half ago.
>
>Now, finally, I am _really_ trying to perform a final decommissioning of
>my former anti-spam DNS lists.  (But as the old saying goes, ``No good
>deed goes unpunished.'')
>
>The problem is that no matter what I do, I cannot seem to stop the
>ongoing torrent of queries against the zones, which are coming from
>literally thousands of different sites:
>
>XX /140.105.16.62/51.30.135.194.proxies.relays.monkeys.com/A/IN/E
>XX /206.13.30.10/68.200.213.209.proxies.relays.monkeys.com/A/IN/E
>XX /216.17.138.239/219.206.32.204.proxies.monkeys.com/PTR/IN/E
>XX /212.101.192.70/10.215.3.217.proxies.relays.monkeys.com/A/IN/E
>XX /206.13.30.27/68.200.213.209.proxies.relays.monkeys.com/A/IN/E
>XX /206.222.1.3/214.133.43.217.formmail.relays.monkeys.com/A/IN/E
>XX /206.222.1.3/214.133.43.217.proxies.relays.monkeys.com/A/IN/E
>XX /140.239.96.4/216.213.229.217.proxies.relays.monkeys.com/A/IN/E
>XX /168.243.42.248/23.255.102.194.proxies.relays.monkeys.com/A/IN
>XX /168.243.42.248/23.255.102.194.proxies.relays.monkeys.com/A/IN
>XX /68.156.116.28/246.66.98.24.proxies.monkeys.com/PTR/IN/E
>XX /213.131.64.2/82.170.67.66.formmail.relays.monkeys.com/A/IN/E
>XX /213.131.64.2/82.170.67.66.proxies.relays.monkeys.com/A/IN/E
>XX /198.216.32.3/237.168.92.67.proxies.relays.monkeys.com/A/IN
>XX /140.239.96.4/53.43.174.200.proxies.relays.monkeys.com/A/IN/E
>XX /200.21.139.9/204.78.41.213.proxies.relays.monkeys.com/A/IN/E
>[deleted]
>
>...
>and on and on, ad infinitum.
>
>I have _very little_ bandwidth at my disposal, and now I need to reclaim
>that bandwidth for other purposes.  But these ongoing queries are sucking
>up more than half of the meager bandwidth that I have.
>
>I have tried everything that I can think of to stop this flood of
>bogus queries already, and nothing has worked.  Nothing I have tried
>has even had any noticeable effect.  I've tried setting the relevant
>NS records to point into oblivion (specifically into the 224/8 space).
>I have also tried pointing the NS records back to the very same name
>servers elsewhere that are the most frequent ongoing troublemakers,
>i.e. most frequent queriers of my defunct anti-spam zones.  Now I am
>trying the following NS record:
>
>*.relays.monkeys.com.   IN      NS      localhost.monkeys.com.
>
>where `localhost.monkeys.com' resolves to 127.0.0.1 (in the hopes that
>those name servers that are annoying me now will end up just querying
>themselves, instead of me) but so far even this doesn't seem to be
>working very well.
>
>Oh!  And I should mention that I also tried this:
>
>*.relays.monkeys.com.   IN      A       127.0.0.2
>                         IN      TXT     "See http://www.monkeys.com/dnsbl/"
>
>i.e. ``blacklist the Universe'', but even that only produced very limited
>success in terms of getting people to stop sending queries here for the
>dead and defunct anti-spam zones.
>
>So can anybody help me with this?  There has GOT to be some way of
>decommissioning a zone such that further queries against the zone will not
>be a huge burden on _my_ bandwidth.
>[deleted]
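
For mail administrators still querying a list like this one: the wildcard `A 127.0.0.2` record quoted above makes every sender look listed, and NS records that lead nowhere make every lookup time out. The following is an added example, not part of the original posting; it classifies a DNSBL zone using the two RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not). The `lookup` callable, the simulated zones and the name `dnsbl.example` are assumptions constructed for illustration.

```python
def dnsbl_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def check_dnsbl(zone, lookup):
    """Classify a zone. lookup(name) is an assumed resolver wrapper: it returns
    the A record as a string, None for NXDOMAIN, and raises TimeoutError when
    no name server answers."""
    try:
        must_list = lookup(dnsbl_name("127.0.0.2", zone))
        must_not_list = lookup(dnsbl_name("127.0.0.1", zone))
    except TimeoutError:
        return "unreachable"       # delegation leads nowhere
    if must_not_list is not None:
        return "lists-everything"  # wildcard record: every sender looks listed
    if must_list is None:
        return "empty"             # answers, but holds no data
    return "healthy"


# Constructed stand-ins for real resolvers, so the example runs offline.
def wildcard_zone(name):
    # Models "*.relays.monkeys.com. IN A 127.0.0.2" from the posting.
    return "127.0.0.2" if name.endswith(".relays.monkeys.com") else None


def healthy_zone(name):
    # Hypothetical working list: the test entry plus one listed address.
    listed = {"2.0.0.127.dnsbl.example", "10.2.0.192.dnsbl.example"}
    return "127.0.0.2" if name in listed else None


def dead_zone(name):
    # Models NS records that point at addresses where nothing answers.
    raise TimeoutError(name)


if __name__ == "__main__":
    for zone, lookup in [("proxies.relays.monkeys.com", wildcard_zone),
                         ("dnsbl.example", healthy_zone),
                         ("formmail.relays.monkeys.com", dead_zone)]:
        print(zone, "->", check_dnsbl(zone, lookup))
```

Only a zone reported as healthy should stay in a mail server's DNSBL configuration.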


