Maintained by: NLnet Labs

Unbound and senderbase.org requests

Dimitar Gerasimov
Mon Jul 18 09:20:12 CEST 2016


Hi all,

Long story short - we have Cisco Ironport email security appliance. This 
device filter emails by reputation filtering. To do this, the device 
send dns TXT request to senderbase.org, and based on answer make 
decisions about filtering mails.

But that is not working through Unbound .

This is request and answer using Google free DNS :

dig @8.8.8.8 txt 
1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.senderbase.org

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.8.8 txt 
1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.senderbase.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3460
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.senderbase.org. 
IN TXT

;; ANSWER SECTION:
1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.senderbase.org. 
999 IN TXT "|0=2.5|1=0.0|2=0.4399|3=0.5|7=AvNDhLIaN|10=0,0|"

;; Query time: 195 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Jul 18 08:29:16 EEST 2016
;; MSG SIZE  rcvd: 170

As we can see, the request has a ANSWER SECTION, and Cisco Ironport use 
this numbers for blocking e-mails (domains).

This is request and answer using Unbound

dig @UnboundIP txt 
1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.senderbase.org

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @UnboundIP txt 
1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.senderbase.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5044
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1480
;; QUESTION SECTION:
;1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.senderbase.org. 
IN TXT

;; Query time: 235 msec
;; SERVER: UnboundIP#53(UnboundIP)
;; WHEN: Mon Jul 18 09:53:42 EEST 2016
;; MSG SIZE  rcvd: 110


Unbound return ANSWER NXDOMAIN. Can someone help me with this ? Thanks.