DNS, ISP stupidity, and DNSBLs

James Wilkinson fedora at aprilcottage.co.uk
Fri Sep 25 21:15:21 UTC 2009


Bruno Wolff III wrote:
> That depends on your ISP. For some ISPs, using their cache is a bad thing.
> There are some ISPs, for example, that change TTLs and that can cause
> unexpected delays in propagation of updates. It's probably less likely
> now, but in the past cache poisoning was a problem and your ISP's cache
> may have bad data in it.

While you’re mentioning it…

Some ISPs also assume that their users only use the wider Internet to
“surf the web”. Therefore, any DNS lookups for domains other than their
own must be related to web browsing, and if the result is “no such
computer”, then they are free to return the IP address of a web server
designed to provide a “helpful search page”.

This breaks DNSBLs¹ (as used by many anti-spam packages) in a
particularly nasty way – *all* emails will be marked (and possibly
rejected) as spam. And since ISPs rarely tell their customers beforehand
that they are going to play such games, previously-working
configurations will suddenly break without warning.

So if you’re going to use DNSBLs (which can be very helpful for spam
filtering), you either need to really trust your ISP or run your own DNS
server.

James.

¹ DNS-based Black Lists (or Block Lists)

-- 
E-mail:     james@ |  ... more holes in Internet Explorer than Blackburn,
aprilcottage.co.uk | Lancashire...
                   |     -- http://theinquirer.net/?article=17235
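The failure mode described in the post above, as an added example (not code from the post or from any anti-spam package): a DNSBL lookup reverses the address octets under the list zone, and a naive filter treats any answer as "listed". A resolver that rewrites NXDOMAIN into a search-page address therefore lists every sender. The second checker runs two canary lookups before trusting the list (by the convention most DNSBLs publish, 127.0.0.2 is a permanent test entry and 127.0.0.1 is never listed) and only accepts verdicts in 127.0.0.0/8. The zone name, the search-page address and both resolvers are constructed in-process; nothing touches the network.

```python
"""Added example: NXDOMAIN hijacking versus DNSBL lookups, with the sanity
checks a mail filter can run before trusting a list through a resolver.
Resolvers are simulated in-process (constructed data); no network is used."""
import ipaddress
from typing import Callable, Dict, List

ZONE = "dnsbl.example"          # hypothetical list zone, not a real DNSBL
SEARCH_PAGE = "203.0.113.80"    # constructed "helpful search page" address
LOOPBACK_NET = ipaddress.IPv4Network("127.0.0.0/8")


class NXDOMAIN(Exception):
    """Raised by the simulated resolvers when a name does not exist."""


def query_name(ip: str, zone: str) -> str:
    """DNSBL lookups reverse the IPv4 octets and append the list zone:
    192.0.2.10 against dnsbl.example -> 10.2.0.192.dnsbl.example"""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone


# Constructed list contents: 127.0.0.2 is the conventional always-listed
# test entry; 192.0.2.10 stands in for a real spam source.
LISTED: Dict[str, List[str]] = {
    query_name("127.0.0.2", ZONE): ["127.0.0.2"],
    query_name("192.0.2.10", ZONE): ["127.0.0.2"],
}

Resolver = Callable[[str], List[str]]


def honest_resolver(name: str) -> List[str]:
    """A well-behaved cache: listed names answer, everything else is NXDOMAIN."""
    if name in LISTED:
        return list(LISTED[name])
    raise NXDOMAIN(name)


def hijacking_resolver(name: str) -> List[str]:
    """The ISP behaviour from the post: NXDOMAIN becomes a web server address."""
    try:
        return honest_resolver(name)
    except NXDOMAIN:
        return [SEARCH_PAGE]


def naive_is_listed(ip: str, zone: str, resolve: Resolver) -> bool:
    """Typical filter logic: any answer at all means 'listed'."""
    try:
        return bool(resolve(query_name(ip, zone)))
    except NXDOMAIN:
        return False


def in_loopback(answers: List[str]) -> bool:
    """DNSBLs encode verdicts as 127.0.0.x; anything else is not a listing."""
    return all(ipaddress.IPv4Address(a) in LOOPBACK_NET for a in answers)


def resolver_is_sane(zone: str, resolve: Resolver) -> bool:
    """Canaries: 127.0.0.1 must be NXDOMAIN, 127.0.0.2 must be listed in 127/8."""
    try:
        resolve(query_name("127.0.0.1", zone))
        return False            # an answer for the never-listed entry: hijacked
    except NXDOMAIN:
        pass
    try:
        return in_loopback(resolve(query_name("127.0.0.2", zone)))
    except NXDOMAIN:
        return False            # list dead or unreachable: do not block on it


def checked_is_listed(ip: str, zone: str, resolve: Resolver) -> str:
    """Returns 'listed', 'clean' or 'unusable' (fail open, never reject mail)."""
    if not resolver_is_sane(zone, resolve):
        return "unusable"
    try:
        answers = resolve(query_name(ip, zone))
    except NXDOMAIN:
        return "clean"
    return "listed" if in_loopback(answers) else "unusable"


if __name__ == "__main__":
    for resolve in (honest_resolver, hijacking_resolver):
        print(resolve.__name__,
              "naive:", naive_is_listed("198.51.100.7", ZONE, resolve),
              "checked:", checked_is_listed("198.51.100.7", ZONE, resolve))
```

Running it shows the naive check flagging the clean address 198.51.100.7 as listed through the hijacking resolver, while the checked version refuses to use that resolver at all. Failing open ("unusable" rather than "listed") is the right default: a list you cannot trust should cost you some spam, not all of your mail.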