1.1.1.1 Issue related to Spamhaus

I’m having an issue with 1.1.1.1 resolver.
All the ips that are checked against Spamhaus RBL are detected as being Open Resolver.

[[email protected] ~]# mtr 1.1.1.1 -n --report
Start: 2022-07-25T17:03:11+0300
HOST: lyssa.xxxx.net Loss% Snt Last Avg Best Wrst StDev
1.|-- 185.250.104.1 0.0% 10 0.2 0.3 0.2 0.4 0.1
2.|-- 212.146.104.181 0.0% 10 1.0 1.9 0.9 3.3 1.1
3.|-- 10.4.0.26 0.0% 10 8.4 6.6 6.0 8.4 0.8
4.|-- 10.4.0.21 0.0% 10 5.9 5.9 5.8 6.1 0.1
5.|-- 85.9.9.174 0.0% 10 6.0 6.5 6.0 8.2 0.7
6.|-- 149.14.244.17 0.0% 10 5.7 5.9 5.7 6.2 0.1
7.|-- 154.54.56.61 0.0% 10 13.1 13.2 13.0 13.4 0.2
8.|-- 149.14.58.106 0.0% 10 13.7 13.6 13.4 13.9 0.1
9.|-- 1.1.1.1 0.0% 10 12.9 12.9 12.9 13.0 0.0

[[email protected] ~]# dig @1.1.1.1 170.215.85.209.zen.spamhaus.org +short
127.255.255.254
[[email protected] ~]# dig @1.1.1.1 172.172.172.172.zen.spamhaus.org +short
127.255.255.254
[[email protected] ~]# dig @1.1.1.1 89.45.251.100.zen.spamhaus.org +short
127.255.255.254
[[email protected] ~]# dig @1.1.1.1 8.8.8.8.zen.spamhaus.org +short
127.255.255.254

Well…you are using an open resolver. Free for everybody to use.

2 Likes

You can find solutions at Spamhaus.

Hi,

No, I’m not an open resolver. The issue exists only if I use 1.1.1.1 as resolver.

[[email protected] ~]$ dig @lyssa.xxxx.net google.com +short
[[email protected] ~]$

Yes, because 1.1.1.1 is an open resolver. An open resolver is a recursive nameserver that will answer public queries.

1 Like

No, Is not the case.

From another server from other location.

[[email protected] ~]# dig @1.1.1.1 170.215.85.209.zen.spamhaus.org +short
[[email protected] ~]#

Is an issue only with that particular Edge to where I’m routed.
Can be related to the issue with WARP?

Doses it really matter? The posted Spamhaus policy says use your own resolvers from your own assigned IP space, or get an account.

Spamhaus isn’t a Cloudflare offering, and there isn’t anything that Cloudflare or the Community can do to change responses from Spamhaus DNS.

Seems that the issue is now resolved after Cloudflare marked as resolved the WARP incident.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.