1.1.1.1 Issue related to Spamhaus

ionut3 · July 25, 2022, 2:19pm

I’m having an issue with 1.1.1.1 resolver.
All the ips that are checked against Spamhaus RBL are detected as being Open Resolver.

[root@lyssa ~]# mtr 1.1.1.1 -n --report
Start: 2022-07-25T17:03:11+0300
HOST: lyssa.xxxx.net Loss% Snt Last Avg Best Wrst StDev
1.|-- 185.250.104.1 0.0% 10 0.2 0.3 0.2 0.4 0.1
2.|-- 212.146.104.181 0.0% 10 1.0 1.9 0.9 3.3 1.1
3.|-- 10.4.0.26 0.0% 10 8.4 6.6 6.0 8.4 0.8
4.|-- 10.4.0.21 0.0% 10 5.9 5.9 5.8 6.1 0.1
5.|-- 85.9.9.174 0.0% 10 6.0 6.5 6.0 8.2 0.7
6.|-- 149.14.244.17 0.0% 10 5.7 5.9 5.7 6.2 0.1
7.|-- 154.54.56.61 0.0% 10 13.1 13.2 13.0 13.4 0.2
8.|-- 149.14.58.106 0.0% 10 13.7 13.6 13.4 13.9 0.1
9.|-- 1.1.1.1 0.0% 10 12.9 12.9 12.9 13.0 0.0

[root@lyssa ~]# dig @1.1.1.1 170.215.85.209.zen.spamhaus.org +short
127.255.255.254
[root@lyssa ~]# dig @1.1.1.1 172.172.172.172.zen.spamhaus.org +short
127.255.255.254
[root@lyssa ~]# dig @1.1.1.1 89.45.251.100.zen.spamhaus.org +short
127.255.255.254
[root@lyssa ~]# dig @1.1.1.1 8.8.8.8.zen.spamhaus.org +short
127.255.255.254

sdayman · July 25, 2022, 2:26pm

Well…you are using an open resolver. Free for everybody to use.

epic.network · July 25, 2022, 2:27pm

You can find solutions at Spamhaus.

ionut3 · July 25, 2022, 2:30pm

Hi,

No, I’m not an open resolver. The issue exists only if I use 1.1.1.1 as resolver.

[ioni@ioni-work ~]$ dig @lyssa.xxxx.net google.com +short
[ioni@ioni-work ~]$

epic.network · July 25, 2022, 2:38pm

Yes, because 1.1.1.1 is an open resolver. An open resolver is a recursive nameserver that will answer public queries.

ionut3 · July 25, 2022, 2:42pm

No, Is not the case.

From another server from other location.

[root@eos ~]# dig @1.1.1.1 170.215.85.209.zen.spamhaus.org +short
[root@eos ~]#

Is an issue only with that particular Edge to where I’m routed.
Can be related to the issue with WARP?

epic.network · July 25, 2022, 2:52pm

Doses it really matter? The posted Spamhaus policy says use your own resolvers from your own assigned IP space, or get an account.

Spamhaus isn’t a Cloudflare offering, and there isn’t anything that Cloudflare or the Community can do to change responses from Spamhaus DNS.

ionut3 · July 25, 2022, 3:30pm

Seems that the issue is now resolved after Cloudflare marked as resolved the WARP incident.

system · July 28, 2022, 3:30pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cloudflare IP in RBL DNS & Network	2	1723	May 24, 2022
PSA - Using Spamhaus Blocklists with Cloudflare Public Resolver May Cause Issues 1.1.1.1	6	5420	April 3, 2022
Spamhaus RBL blocking Cloudflare IPs Website, Application, Performance	0	256	March 28, 2024
Error: open resolver 1.1.1.1	4	2088	October 26, 2022
CloudFlare Domain Server IP listed as a SPAM IP Security	2	3477	November 13, 2021

1.1.1.1 Issue related to Spamhaus

Related topics