The Spamhaus DBL is intended to be used to find domains that have poor reputations of sending spam. According to their documentation you should be able to test that it is working by looking up the host or dig response for 'dbltest.com.dbl.spamhaus.org' and it should respond with 'dbltest.com.dbl.spamhaus.org IN A 127.0.1.2'.
However this is what I get:
print_r(`host dbltest.com.dbl.spamhaus.org`);
// Results in:
// Host dbltest.com.dbl.spamhaus.org not found: 3(NXDOMAIN)
// AND
print_r(`dig dbltest.com.dbl.spamhaus.org`);
// Results in:
//; <<>> DiG 9.10.3-P4-Ubuntu <<>> dbltest.com.dbl.spamhaus.org
//;; global options: +cmd
//;; Got answer:
//;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18973
//;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
//
//;; OPT PSEUDOSECTION:
//; EDNS: version: 0, flags:; udp: 512
//;; QUESTION SECTION:
//;dbltest.com.dbl.spamhaus.org. IN A
//
//;; AUTHORITY SECTION:
//dbl.spamhaus.org. 5 IN SOA need.to.know.only. hostmaster.spamhaus.org. 2010142352 3600 600 432000 10
//
//;; Query time: 37 msec
//;; SERVER: 8.8.8.8#53(8.8.8.8)
//;; WHEN: Wed Oct 14 17:54:12 MDT 2020
//;; MSG SIZE rcvd: 121
The host results look exactly like what Spamhaus says the response should be if the domain is not listed in the DBL. And the dig results seem mostly useless in this context unless I'm just missing something. Neither is correct. I've also tested suggested solutions from GitHub, but none of the proposed options (or any reasonable combination of the suggestions that I can think of) produce viable results either.
I'm starting to think that Spamhaus may have shut down the public side of this service, but I'm hoping that I'm wrong.
The problem is that you're using Google Public DNS. It's explained in this FAQ:
If you are using a free "open DNS resolver" service such as the Google Public DNS (8.8.8.8) in most cases they will return a "not listed" (NXDOMAIN) reply from Spamhaus' public DNSBL servers.
- We recommend using your own DNS servers when doing DNSBL queries to Spamhaus. If this is not possible, contact us for other options.
I get the correct response when using the Comcast DNS servers. Try using your own ISP's nameservers instead of Google.
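One way to keep this failure from being read as a clean result, as an added example (not part of the original answer and not Spamhaus code): query the test point first and only trust a "not listed" answer when the test point returns 127.0.1.2. The function names are hypothetical, and treating any 127.0.1.x answer as a listing is an assumption based on the test answer quoted above.

```shell
#!/bin/sh
# Added example: gate DBL lookups on the documented test point.
DBL_ZONE="dbl.spamhaus.org"
DBL_TEST_NAME="dbltest.com"     # test point quoted in the question
DBL_TEST_ANSWER="127.0.1.2"     # answer the test point must return

# dbl_query NAME [RESOLVER]: print the first A answer, or nothing on NXDOMAIN.
dbl_query() {
    dig +short A "$1.$DBL_ZONE" ${2:+"@$2"} | head -n 1
}

# dbl_verdict TEST_ANSWER DOMAIN_ANSWER: pure decision logic, no network access.
dbl_verdict() {
    # A test point that is not listed means this resolver is not getting
    # real DBL data, so an empty answer for the domain proves nothing.
    if [ "$1" != "$DBL_TEST_ANSWER" ]; then
        echo unknown
        return 0
    fi
    case "$2" in
        "")        echo not_listed ;;
        127.0.1.*) echo "listed:$2" ;;   # assumption: listings are 127.0.1.x
        *)         echo unknown ;;       # timeout text or unexpected address
    esac
}

# dbl_check DOMAIN [RESOLVER]: run both lookups through the same resolver.
dbl_check() {
    dbl_verdict "$(dbl_query "$DBL_TEST_NAME" "$2")" "$(dbl_query "$1" "$2")"
}
```

When the test point comes back NXDOMAIN, as in the dig output in the question, `dbl_check` prints `unknown` rather than `not_listed`, so a filter built on it does not silently pass every domain.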