spamassassin-users mailing list archives

From Jeff Chan <je...@surbl.org>
Subject RE: whois plugin .. where to get it
Date Fri, 25 Jan 2008 16:51:28 GMT
Quoting Giampaolo Tomassoni <g.tomassoni@libero.it>:

> Please note that one generally can't issue a DNS request to a specific
> server from SA, since its resolver engine only uses the globally-defined DNS
> server(s). Thereby, in the common case I should get the NSes published by
> root servers, which should be exactly the ones published in whois. But they
> are not always! This is not because of a "change" in progress, but because
> of the normal follow-up of the authoritative chain in domain name
> resolution: if a root server says that NSa and NSb are authoritative for
> domain D, but NSa says that instead NSc and NSd are, the resolver (which of
> course must apply "recursion", since you're not using a non-recursive DNS
> server for your standard queries, right?) yields two NS RR with NSc and NSd
> names in them, not with the ones defined by the root server.

Yes, delegation is the other, more usual, way that the nameserver in
the whois and TLD root server may differ. Some spammers do make use
of a lot of delegation, more than usual and sometimes in long chains
of delegation, but delegation beyond the typical glue records is not
necessarily the sign of a spam domain. In short, this may result in
false positives.

Jeff C.
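
An added example, not part of either message: a simplified Python model of the lookup discussed in this thread, showing why comparing the NS names a recursive resolver returns against the whois set flags a delegating domain that is not spam. All server names and answers are constructed, and `recursive_ns` and `naive_whois_mismatch` are hypothetical helpers, not SpamAssassin code.

```python
"""Simplified model of an NS lookup through a recursive resolver (constructed data)."""

def recursive_ns(parent_ns, apex_ns_by_server, max_hops=8):
    """Return (ns_set, hops): the NS set the lookup ends on, and how many
    times the authoritative answer pointed away from the servers asked."""
    current, hops, seen = frozenset(parent_ns), 0, set()
    while hops < max_hops and current not in seen:   # stop on loops
        seen.add(current)
        # Ask the servers in the current set for the zone's own NS RRset.
        answers = [apex_ns_by_server[s] for s in sorted(current)
                   if s in apex_ns_by_server]
        if not answers:                  # lame delegation: nobody answers
            break
        nxt = frozenset(answers[0])      # first responding server wins
        if nxt == current:               # servers confirm the delegation
            break
        current, hops = nxt, hops + 1
    return set(current), hops

def naive_whois_mismatch(whois_ns, resolved_ns):
    """The check under discussion: flag when resolver NS differ from whois NS."""
    return set(whois_ns) != set(resolved_ns)

# Constructed case from the quoted text: the parent (and whois) list NSa/NSb,
# but NSa/NSb publish NSc/NSd as the zone's nameservers.
WHOIS_D = {"nsa.example.test", "nsb.example.test"}
APEX_D = {
    "nsa.example.test": {"nsc.example.test", "nsd.example.test"},
    "nsb.example.test": {"nsc.example.test", "nsd.example.test"},
    "nsc.example.test": {"nsc.example.test", "nsd.example.test"},
    "nsd.example.test": {"nsc.example.test", "nsd.example.test"},
}
# Constructed control: the delegated servers name themselves.
WHOIS_E = {"ns1.example.net", "ns2.example.net"}
APEX_E = {s: set(WHOIS_E) for s in WHOIS_E}

if __name__ == "__main__":
    for label, whois, apex in (("D", WHOIS_D, APEX_D), ("E", WHOIS_E, APEX_E)):
        ns, hops = recursive_ns(whois, apex)
        print(label, sorted(ns), "hops:", hops,
              "flagged:", naive_whois_mismatch(whois, ns))
```

Domain D is flagged although nothing about it is spam-specific, which is the false positive described above.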

