You can use any manual DNS tool, such as “host” or “dig”. You simply check if a DNS entry of type A exist in a respective DNS zone of the BlockList. For example for SpamHaus you check the *.zen.spamhaus.org zone. The checked IP address must be written reversely.

Example: To check IP 85.237.226.41, run the following command:

$ host 41.226.237.85.zen.spamhaus.org
41.226.237.85.zen.spamhaus.org has address 127.0.0.4

Here the IP is listed in the Block List, because it has a DNS entry.Here the query returned the address 127.0.0.4 – this has a special meaning. What do the 127.0.0.* Return Codes mean?

 

Return Code Source Notes
127.0.0.2 SBL Spamhaus Maintained
127.0.0.3 reserved for future use
127.0.0.4 XBL CBL Detected Address
127.0.0.5 XBL NJABL Proxies (customized)
127.0.0.6 XBL reserved for future use
127.0.0.7 XBL reserved for future use
127.0.0.8 XBL reserved for future use
127.0.0.9 reserved for future use
127.0.0.10 PBL ISP Maintained
127.0.0.11 PBL Spamhaus Maintained

 

Source of the table: http://www.spamhaus.org/faq/answers.lasso?section=DNSBL Usage#200

If the IP is not listed you get the following response:

$ host 48.41.9.158.zen.spamhaus.org
Host 48.41.9.158.zen.spamhaus.org not found: 3(NXDOMAIN)

The IP can be listed in several lists. In that case you get something like this:

$ host 48.41.9.58.zen.spamhaus.org
48.41.9.58.zen.spamhaus.org has address 127.0.0.4
48.41.9.58.zen.spamhaus.org has address 127.0.0.11

You can also get a description or link to further info why was the server blocked, by querying the TXT DNS record of the domain:

$ host -t TXT 41.226.237.85.zen.spamhaus.org
41.226.237.85.zen.spamhaus.org descriptive text "http://www.spamhaus.org/query/bl?ip=85.237.226.41"

.

How to manually check if IP is listed in a Block List?
Tagged on:             

Leave a Reply