Troubleshooting the "Required Lookup Value"
Question asked by Steve Gaston - May 24 at 1:13 AM
Unanswered
Hi,

hope someone can clear up my understanding/misunderstanding.

Let's use http://uribl.com as an example

The public usage domains for the RBL are as follows

red.uribl.com,  black.uribl.com, grey.uribl.com, white.uribl.com

According to documentation I found on the Internet (http://know.mailsbestfriend.com/papers/SmarterMail-Antispam-Settings.shtml)

The lookup values for these domains (as per document) are as follows 

127.0.0.2 - red.uribl.com
127.0.0.2 - black.uribl.com
127.0.0.4 - grey.uribl.com
127.0.0.2 - white.uribl.com

Now, if I do a nslookup with the "Required Lookup Value" for red.uribl.com as follows

nslookup -q=txt 2.0.0.127.red.uribl.com

It will return the following

 
Server:  ks31884.kimsufi.com
Address:  213.251.133.164

Non-authoritative answer:
2.0.0.127.red.uribl.com text =

        "Redlisted, see http://lookup.uribl.com/?domain=2.0.0.127";

uribl.com       nameserver = p.icudp.net
uribl.com       nameserver = v.uribl.net
uribl.com       nameserver = c.sarules.net
uribl.com       nameserver = o.icudp.com
c.sarules.net   internet address = 52.9.94.53
p.icudp.net     internet address = 94.228.131.217
v.uribl.net     internet address = 52.71.102.73

Now, if I do a nslookup on the value for red.uribl.com as follows

nslookup -q=txt 4.0.0.127.grey.uribl.com

It will return the following

Server:  ks31884.kimsufi.com
Address:  213.251.133.164

DNS request timed out.
    timeout was 2 seconds.
*** Request to ks31884.kimsufi.com timed-out

Now if I instead use a lookup value of 127.0.0.2 instead of a 4 as below

nslookup -q=txt 2.0.0.127.grey.uribl.com

It will return the following

Server:  ks31884.kimsufi.com
Address:  213.251.133.164

Non-authoritative answer:
2.0.0.127.grey.uribl.com        text =

        "Greylisted, see http://lookup.uribl.com/?domain=2.0.0.127";

grey.uribl.com  nameserver = ee.uribl.com
grey.uribl.com  nameserver = dd.uribl.com
grey.uribl.com  nameserver = aa.uribl.com
grey.uribl.com  nameserver = cc.uribl.com
grey.uribl.com  nameserver = hh.uribl.com
grey.uribl.com  nameserver = ff.uribl.com
grey.uribl.com  nameserver = bb.uribl.com
grey.uribl.com  nameserver = gg.uribl.com
aa.uribl.com    internet address = 52.15.111.197
aa.uribl.com    internet address = 52.15.110.177
bb.uribl.com    internet address = 52.66.182.170
bb.uribl.com    internet address = 52.66.6.38
cc.uribl.com    internet address = 52.78.186.95
cc.uribl.com    internet address = 52.78.172.1
dd.uribl.com    internet address = 54.187.121.5
dd.uribl.com    internet address = 52.68.43.176
dd.uribl.com    internet address = 54.148.75.202
dd.uribl.com    internet address = 54.152.34.162
ee.uribl.com    internet address = 54.93.83.147
ee.uribl.com    internet address = 54.152.108.232
ee.uribl.com    internet address = 54.153.33.8
ee.uribl.com    internet address = 52.62.38.7

My understanding is that the domain should only respond to the lookup value that has been associated to it by the RBL.

So for grey the lookup value (according to the document I have found) is 127.0.0.4, but this returns a non existent domain.

But when I use 127.0.0.2 the lookup query returns a valid result.

My questions are as follows

1/ How does one determine the correct "Required Lookup Value" for ANY RBL
2/ How does one test the correct "Required Lookup Value"

I really hope to receive a definitive answer to the above two questions.

Thanks

8 Replies

0
Steve Gaston Replied
Just to add, also used this resource

0
Steve Gaston Replied
Another example......

The RBL mailspike.net has information regarding the lookup values on their website

When I cross reference this information by using nslookup I again get non existent domain found when using the lookup value of 127.0.0.10-20 for rep.mailspike.net.

Also if I look here


All the lookup values return a 'Failed' value.

What does this mean?

Their DNS server is not responding? The lookup values have changed?
0
Steve Gaston Replied
0
Steve Gaston Replied
Really, nobody can assist with this ???
0
Steve Norton Replied
Okay, let's see if this helps with some examples.
A single database, e.g. grey.uribl.com, will generally return 127.0.0.2 for a hit. This is how life started out.
Currently 'nslookup list-manage.com.grey.uribl.com' returns 127.0.0.2 indicating that 'list-manage.com' is on the grey database.
To reduce DNS queries many list providers have a database that is a merger of 2 or more databases and will return a different 127.0.0.x value relating to the original database the URL can be found on, so we can apply different weights accordingly.
So the query of 'nslookup list-manage.com.multi.uribl.com' returns a value of 127.0.0.4 telling you that it has been found on the grey list, and that was one DNS query rather than four.
As for 'non-existent domain' replies, this means it's not on the database.
Let me know if this clears everything up for you.

0
Steve Gaston Replied
Hi Steve, thanks for your post.

I had already understood the concept you have kindly explained above.

To answer my own questions

1/ How does one determine the correct "Required Lookup Value" for ANY RBL
Answer: By going to the RBL website and using the values found there. A good tool for this is the following resource

2/ How does one test the correct "Required Lookup Value"
Answer: Using nslookup to query the RBL
nslookup -q=txt *The IP address (in reverse) OR DOMAIN that is blacklisted.red.uribl.com 
So if the IP is 4.3.2.1 the query would be

nslookup -q=txt 1.2.3.4.red.uribl.com 
If a value is returned (explained by Steve above) we can determine which RBL the IP is listed in.

Hope this helps someone else

Thanks

0
Steve Norton Replied
You're using RBL notation against URIBL servers and you shouldn't be using q=txt either as they are A records.
RBL servers are used against the connecting IP address and URIBL servers are used against the domains of URIs found in the content of the email.
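
Added example, not part of the original thread and not SmarterMail's own code: a Python sketch of the two query shapes distinguished above (reversed IP for an RBL, plain domain for a URIBL) and of comparing the A-record answer with a configured "Required Lookup Value". The zone `rbl.example`, the function names and the sample answers are constructed; the meanings of bits 2 and 8 on the combined list are assumptions to confirm on the list's own site.

```python
import ipaddress
import socket

# Last-octet bitmask for multi.uribl.com. 4 = grey is the value given in the
# thread; 2 = black and 8 = red are assumptions to confirm on the list's site.
MULTI_URIBL_BITS = {2: "black", 4: "grey", 8: "red"}

def rbl_qname(ip, zone):
    """IP-based list (RBL): reverse the IPv4 octets, then append the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def uribl_qname(domain, zone):
    """Domain-based list (URIBL): prepend the domain as-is, never reversed."""
    return domain.rstrip(".").lower() + "." + zone

def resolve_a(qname):
    """A-record lookup. [] means NXDOMAIN/no data (not listed); a timeout or
    server failure is re-raised so it is not mistaken for 'not listed'."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return []
        raise

def is_hit(qname, required, resolve=resolve_a):
    """True when the list's A answer equals the configured lookup value."""
    return required in resolve(qname)

def decode_multi(answer, bits=MULTI_URIBL_BITS):
    """Split a combined-list answer such as 127.0.0.4 into source lists."""
    last = int(ipaddress.IPv4Address(answer)) & 0xFF
    return [name for bit, name in sorted(bits.items()) if last & bit]

# Constructed answers mirroring the two lookups described in the thread.
SAMPLE = {
    "list-manage.com.grey.uribl.com": ["127.0.0.2"],
    "list-manage.com.multi.uribl.com": ["127.0.0.4"],
}

def sample_resolver(qname):
    return SAMPLE.get(qname, [])

if __name__ == "__main__":
    for zone, required in (("grey.uribl.com", "127.0.0.2"), ("multi.uribl.com", "127.0.0.4")):
        q = uribl_qname("list-manage.com", zone)
        print(q, required, is_hit(q, required, sample_resolver))
    print(decode_multi("127.0.0.4"))
    print(rbl_qname("4.3.2.1", "rbl.example"))  # hypothetical zone
```
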
0
Steve Gaston Replied
Hi Steve,

thanks for explaining,

I will follow up on your guidance by improving my knowledge.

Kind Regards
