Monthly Archives: September 2016

Apple harvest

Apple harvest and juice

Day 169


Playing with ENTRADA, or Stop Using rbl.fnidder.dk!

Some months ago, I set up a small Hadoop platform to ingest DNS data through ENTRADA by SIDN Labs from my primary nameserver as a PoC. Unfortunately, I did not have time to actually look at the data until now. It turns out, it has collected a little over 30 million queries in that time, which of course can hardly be called big data. Here are some first impressions of what I can glean from the data.

DANE is starting to get used, mostly for e-mail, some Jabber, and a few for The Web, with 3166 queries in total.

DMARC is getting used as well, with a meagre 1237 queries, but that’s probably more a reflection of how much email I sent to Gmail, Yahoo! Mail, Hotmail, etc.

More surprising, though it should not actually surprise anyone, is how much my private DNSBL rbl.fnidder.dk is still used, despite it having been shut down. I can’t even remember how long ago, but it must be over 10 years. Once on the Internet, always on the Internet.

If anyone recognises themselves behind these IP addresses, go remove the list as it’s returning positive results for everything and is utterly useless to you.

select count(src) as count, src from queries where qname like '%rbl.fnidder.dk.' group by src order by count desc;

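Added example, not part of the original post: a check a mail administrator can run against each DNSBL zone in their configuration to catch a list in the state described above, using the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not). The function names and the two stub resolvers are assumptions made for illustration; the stubs are constructed stand-ins for DNS answers so the block runs offline.

```python
"""Sanity-check a DNSBL zone with the RFC 5782 test entries before trusting it."""
import socket


def reversed_query(ipv4, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ipv4!r}")
    return ".".join(reversed(octets)) + "." + zone.strip(".") + "."


def system_lookup(name):
    """True if the name has an A record, i.e. the address is 'listed'."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:  # NXDOMAIN, SERVFAIL, no network, ...
        return False


def check_dnsbl(zone, lookup=system_lookup):
    """Classify a zone per RFC 5782 section 5 (IPv4 lists)."""
    test_listed = lookup(reversed_query("127.0.0.2", zone))      # must be listed
    loopback_listed = lookup(reversed_query("127.0.0.1", zone))  # must not be
    if test_listed and loopback_listed:
        return "lists-everything"  # wildcarded or parked: every sender is flagged
    if not test_listed and not loopback_listed:
        return "lists-nothing"     # dead zone, or your resolver is being refused
    if test_listed:
        return "ok"
    return "broken"                # test entries are inverted


# Constructed stand-ins for real DNS answers (assumptions, not captured data).
def wildcard_zone(name):
    """Answers positively for any name, like the shut-down list in the post."""
    return True


def healthy_zone(name):
    """Lists only the mandatory 127.0.0.2 test entry."""
    return name.startswith("2.0.0.127.")


if __name__ == "__main__":
    print("rbl.fnidder.dk (stubbed):", check_dnsbl("rbl.fnidder.dk", wildcard_zone))
    print("dnsbl.example.org (stubbed):", check_dnsbl("dnsbl.example.org", healthy_zone))
```

Calling `check_dnsbl(zone)` without a second argument uses the system resolver; any result other than "ok" is a reason to take the zone out of the mail server's configuration.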