Author Archives: Peter LeBlond

How blacklists work behind the scenes

Every now and then we get an email from a user who wants to know why our Blacklist tool shows them as being on a blacklist when the check tool on the blacklist’s own web page shows them as being clear, or vice versa. A little background on how DNSRBLs work explains why this happens, and I hope you find it helpful when troubleshooting blacklist problems.

Blacklist Results

Blacklist operators generate lists of IP addresses or domain names that they would like to share with the world. DNS is a great way to publish IP addresses and hostnames in a very lightweight, fast, distributed way. The operator creates a domain zone and publishes records on their DNS server. So let’s say we create a blacklist called Example. We announce it to the world and let everybody know we are going to publish it at rbl.example.com. For every IP Address that we want to add to our list, we publish an A record in our zone. Mail servers would attempt to resolve the IP at our domain and if an A record is returned they would know that the IP in question is “on the blacklist”. Domain based lists work similarly.

Just like with all other DNS records, you do not always need to ask the DNS server that actually hosts the zone for an answer. In fact, most DNS queries are made against nearby DNS servers. Most people first query their ISP’s DNS servers. Many business networks are set up with a local DNS server for security as well as performance reasons. This way, once one person gets an answer for the IP address of google.com, additional queries are answered very quickly without having to traverse the internet. How long these cached results are stored is determined by the time to live (TTL) settings that are configured by the owner of the zone. This means that in addition to determining who they want to put on their list, blacklist operators determine how long you remain listed even after they remove you from the zone. They could do this for policy reasons or for the performance of their DNS servers. What it means is that everyone who finds out that you are on the list will consider you “listed” until that TTL expires.

So I think you can see now how you could get a different answer from our tool than from the blacklist’s own check tool. Either we got a negative answer recently and are caching it, showing you as not listed when you in fact are, or we have a legitimate listing record on our server that hasn’t expired yet, and we will show you as listed even after you have been taken off at the source. It is important to realize that we report these cached results because this is what other email servers in the wild will see. If you get a positive result on our tool, once you request delisting you should check with the provider’s own check tool to see if you have been removed. Then you can see from our tool how long your TTL is before you will appear clean again to the email servers of the world.
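
The caching effect described above, as an added Python example that is not MxToolbox code: an in-memory stand-in for the operator's DNS server and for a caching resolver, compared before and after a delisting. The reversed-octet query name and the 127.0.0.2 answer follow the usual DNSBL convention; the 3600-second TTL, the 192.0.2.25 address, the class names, and reusing the same TTL for negative answers are assumptions made for the example.

```python
import ipaddress

ZONE = "rbl.example.com"   # the example list name used in the post
TTL = 3600                 # constructed value: TTL the operator puts on every answer

def query_name(ip, zone=ZONE):
    """Name a mail server looks up: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

class Authoritative:
    """Stand-in for the operator's own DNS server (hypothetical, in-memory)."""
    def __init__(self):
        self.records = {}                      # query name -> A record value
    def list_ip(self, ip):
        self.records[query_name(ip)] = "127.0.0.2"
    def delist_ip(self, ip):
        self.records.pop(query_name(ip), None)
    def resolve(self, name):
        return self.records.get(name), TTL     # None models "no such record"

class CachingResolver:
    """Stand-in for an ISP or office resolver that honours the TTL."""
    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}                        # name -> (answer, expires_at)
    def is_listed(self, ip, now):
        name = query_name(ip)
        answer, expires = self.cache.get(name, (None, -1))
        if now >= expires:                     # nothing cached, or the entry expired
            answer, ttl = self.upstream.resolve(name)
            self.cache[name] = (answer, now + ttl)
        return answer is not None

def timeline():
    """Rows of (seconds, listed at source, listed via cache) around a delisting."""
    auth = Authoritative()
    cached = CachingResolver(auth)
    ip = "192.0.2.25"                          # constructed documentation address
    auth.list_ip(ip)
    rows = []
    for now, delist in [(0, False), (600, True), (3599, False), (3600, False)]:
        if delist:
            auth.delist_ip(ip)                 # operator removes the record at t=600
        at_source = auth.resolve(query_name(ip))[0] is not None
        rows.append((now, at_source, cached.is_listed(ip, now)))
    return rows
```

The rows returned by `timeline()` show the source reporting "clear" from t=600 while the cached view keeps reporting "listed" until the TTL runs out at t=3600.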

IPv6 Addresses added to MX record results

We continue to add support for IPv6 to our tools and this week we are going to start showing IPv6 addresses for Mail Exchange records that have AAAA records for their hostnames.

IPv6 in MX records

Our last blog post went over a lot of the basics of IPv6 for folks who would like some background. We are going to continue adding support for IPv6 in more of our tools over time as we strive to keep our tools as awesome as possible in the ever changing world of technology.

AAAA DNS Lookups are now available

We have recently added the ability to perform AAAA record DNS lookups in order to resolve hostnames to IPv6 addresses. Here’s a bit of background on IPv6 and AAAA records.

DNS is the backbone of computer networking today. Every time you use a web browser or other internet-connected technology that references a server by name, it uses DNS to turn that name into a numeric address. Since the early 1980s that numeric address was an IPv4 IP address. These “IP Addresses” are 32-bit numbers that can be written as a decimal number from 0 to 4294967295. The IP for MxToolbox.com is currently written as a decimal number as 1075110789. An easier to read “dotted quad” format is more popular, with four 8-bit numbers from 0 to 255 separated by periods. In this notation the IP Address for MxToolbox.com is 64.20.227.133.

IPv4 has served well for over 30 years, but it has a limitation. It only has 4.29 billion addresses. In 1981, when the specification was published, computers were large, shared, and not terribly common. Today many people have multiple computers and internet-connected devices, each needing an address. The solution for this dilemma is IPv6, an update that brings with it an increase in address space. IPv6 allows for 340 billion, billion, billion, billion addresses, so we shouldn’t run out of room too soon.

Having so many addresses is critical, and by far the largest benefit of IPv6; however, trying to communicate such a large number is problematic. For example, as of the time of this blog post our tool reports that google.com resolves to 2607:f8b0:4000:804::1004. However, that same IP Address can be written several different ways. Here’s that IP as 128 binary 1s and 0s - 100110000001111111100010110000010000000000000000001000000001000000000000000000000000000000000000000000000000000001000000000100. Another not very practical method is to use decimal numbers; in our case the address is written as 50552053919381933569817860797397733380. Here’s that number again with commas so you can get a grasp of how large that number really is: 50,552,053,919,381,933,569,817,860,797,397,733,380.

The most common way to write IPv6 is to use hexadecimal, which uses 0-9 and then a-f to represent 16 bits as a single character. Our IPv6 looks like this in hex: 2607:f8b0:4000:0804:0000:0000:0000:1004. There are several methods for “compressing” this number to remove unneeded characters. You can turn any group of 0000 into just one 0; after all, zero is zero. That gets you to 2607:f8b0:4000:0804:0:0:0:1004. However, you can also replace any group of zeros with a single double colon, so you get back to our optimal version which we return - 2607:f8b0:4000:0804::1004. You are only allowed to use the :: once per address.
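
The notations walked through above, as an added Python example (not MxToolbox code; the function names are made up for it). It expands an address to eight four-digit groups, then compresses it again by dropping leading zeros in each group and replacing the longest run of two or more all-zero groups with `::`, and cross-checks the result against Python's standard `ipaddress` module.

```python
import ipaddress

def expand(addr):
    """Full form: eight groups of four hex digits."""
    head, sep, tail = addr.partition("::")
    left = head.split(":") if head else []
    right = tail.split(":") if tail else []
    if sep:                                   # "::" stands for the missing zero groups
        left += ["0"] * (8 - len(left) - len(right))
    groups = left + right
    if len(groups) != 8:
        raise ValueError("not a valid IPv6 address: " + addr)
    return ":".join(g.zfill(4) for g in groups)

def compress(addr):
    """Short form: strip leading zeros, then put '::' in place of the longest zero run."""
    groups = [format(int(g, 16), "x") for g in expand(addr).split(":")]
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:                  # first longest run wins a tie
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:                          # a lone zero group stays written as "0"
        return ":".join(groups)
    return ":".join(groups[:best_start]) + "::" + ":".join(groups[best_start + best_len:])

def as_int(addr):
    """The address as one 128-bit integer (the decimal form in the text)."""
    return int(expand(addr).replace(":", ""), 16)

def as_bits(addr):
    """The address as 128 binary digits, leading zeros included."""
    return format(as_int(addr), "0128b")

def agrees_with_stdlib(addr):
    """True when the hand-written steps match the standard library's answers."""
    ref = ipaddress.IPv6Address(addr)
    return (expand(addr) == ref.exploded
            and compress(addr) == ref.compressed
            and as_int(addr) == int(ref))
```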

IPv6 and its super large address pool is great, and some organizations are using it, but since it’s incompatible with IPv4 directly, there has been and will continue to be a long road as the internet transitions from the old version to the new one. Many people have IPv6 addresses, and the AAAA DNS record is how those addresses are published. The path forward to implementing and converting networks to IPv6 is a much longer story, and there are plenty of places to read about it online. But for now, if you want to look up AAAA records and PTR records for IPv6, the MxToolbox tools are ready to help.

Network Solutions DNS problems

We have seen a large number of alert emails go out from our Monitoring System, and they appear to be caused by Network Solutions DNS servers being intermittently unavailable. No word yet as to when it might be resolved.

Network Solutions Facebook – https://www.facebook.com/networksolutions
Network Solutions Twitter – https://twitter.com/netsolcares

You can check your DNS with our tool - http://mxtoolbox.com/DNSLookup.aspx. Network Solutions server names end with .worldnic.com.

August’s New Feature – SSL Certificate Analysis

We are trying to add a new monitor or feature every month at mxtoolbox.com and for August we have added SSL certificate analysis onto our HTTPS tool and monitor.

The new version of the HTTPS tool will still go and fetch a page at whatever https:// url you configure. This will make sure that the web server is online and serving pages. Just as with our HTTP monitor, you can include an optional word (or regular expression) that must be present on the page in order to pass, so you can configure the test to confirm an additional bit of status as well.

In addition, we have added SSL Certificate Analysis. We will inspect each link of the security chain for information and errors. In addition to errors, we will also issue a warning if any certificate in the chain is due to expire in less than one month. So you can use the lookup tool to quickly check your cert, and by adding a monitor, you will receive an alert when you are due to begin the process of obtaining a new certificate with plenty of time to obtain and install the new cert.

You will receive an alert if

  • DNS Check – If we can’t resolve your domain
  • Connectivity Check – If we can’t connect on port 443
  • Keyword Check – If your keyword is missing
  • Performance Check – If your page doesn’t return within 15 seconds
  • Certificate Validity Check – If your certificate is invalid
  • Expiration Check – If your certificate is expired
  • Expiration Reminder – If your certificate expires within a month

New Feature – Notification Delay

We have just introduced a new monitoring feature called “Notification Delay,” which allows you to adjust how long a Monitor must be down before generating a problem alert.

Most of our monitors are high priority–we are notified immediately if there is a problem. However, we have a few that are less important like batch jobs and non-critical systems. Notification is only necessary if they have been down for a longer period of time (maybe 30 minutes or an hour). Another example is automatic maintenance jobs over the weekend that briefly shut down some services and notification is only necessary if something has been down longer than expected.

You can set the delay on the monitor details screen which you can get to from the Monitor Tree, your Dashboard, or your main Monitors list. For your convenience we have put a link directly to the details in all alert emails.

The default value is to Send Immediately. You can choose values of 15 minutes, 30 minutes, 1, 2 or 4 hours of sensitivity.

Please note, notification delay is only applicable to MxToolBox “transactional” monitors such as Mailflow, SMTP, TCP, HTTP, and HTTPS. There is not a notification delay setting on Blacklist monitors. To adjust blacklist notification frequencies, contact support to activate the Summary Alert Message (SAM) feature that generates alert reports containing all of your monitors that are in transition in one nicely formatted email message.

Notification Delay is available now to all of our paid users. If you’ve thought about upgrading your free account, now is the time!

New User Interface Design for MxToolbox.com

4/1/2013

MxToolBox constantly works to make our free public DNS, email and diagnostic tools better. We are announcing a major leap forward in user interface technology. We invite everyone to preview the new MxToolBox.

VT100 technology is now ubiquitous, and represents a major improvement over the outdated VT52 protocol which, let’s be honest, had some limitations. The additional character sets and escape sequences allow the kind of cutting-edge branding and logos marketing teams demand today. User interface developers are now able to deliver the highest possible user experience.

While other websites are stuck with outdated HTML5 technology, MxToolbox is now able to serve users with almost any hardware, including most terminals introduced after August of 1978. VT100 apps are also available for all major smart phone platforms. Well, at least iOS and Android…we’re not sure about Blackberry.

The reduced bandwidth requirements will especially benefit our users in the US, of which an estimated 10 million still have dial-up internet access, with 3 million on AOL alone. With much higher connection speeds, we don’t think the rest of the world will see much performance benefit.

The existing version will continue to be available while the new interface is in beta.

Our future technologies division encourages your feedback and if we can get 1,000 “likes” on Facebook, our management has promised to purchase us a 14.4 Kbps modem!

Controlling Alert Notifications

We recently had someone who uses MxToolbox monitoring contact us with a question of how he could avoid getting blacklist alerts on his phone in the middle of the night while still being able to get mobile alerts for critical things like his MailFlow monitor.

There are a couple of ways to manage your notifications and I wanted to share them here and show how you could use them to take control of the communication we send you.

You can access the Notifications settings under the main settings menu in the upper right.

Main Notification Grid

Notifications Grid

Here you will be presented with all of your monitors and which type of notifications they are configured to send out. You can filter this list to find only monitors that match your criteria and you can use the top checkboxes to turn all of the monitors on or off with a single click. This way you can decide what comes to your inbox and what comes to your phone. If you like, you can configure a monitor to never send notifications at all. More on that later.

Default Notification Options

Default Notification Settings for New Monitors

On your main settings page you can also configure your account to set default options for any new monitors that are created. This is especially helpful if you frequently add monitors and do not wish to get mobile alerts by default.

 

Blacklist Summary Settings

I also mentioned before that you might choose to not receive any notifications for some monitors. If you have many IP Addresses that you are keeping tabs on, instead of being notified as each IP goes on and off a list, you can choose to receive a helpful summary email which shows the status of all of your blacklist monitors. You can choose for these to be generated anywhere from hourly to monthly and choose what time they are mailed to you. These settings are also located on the main settings page.

 

Domain based blacklist monitoring added

Domain Blacklist

Thousands of companies from around the world use MxToolBox’s blacklist lookup and monitoring tools to keep their online reputation safe. This service checks your IP Address against multiple blacklists to tell you if your server is blacklisted. Today we are adding domain-based blacklist lookups to the tools.

These domain blacklists (RHBLs, or Right-handed black lists) are an increasingly popular way to attempt to cut down on spam and fraud.  They work like this.  Instead of a server’s IP being listed, an entire domain name could be listed.  For example, if your domain name is example.com, companies may look at the From: field and the body of an email message to see if they contain links to that domain name.

Keep in mind that MxToolBox does not run or endorse any of these lists, and users of our paid monitoring service can opt to “Ignore” these lists from their tool results and monitoring alerts.

All you need to do is run a blacklist check like normal on the website, but instead of entering an IP address, you just enter a domain name (example.com).  MxToolBox will detect that you have entered a domain name and run BOTH the “normal” IP based lists and the domain-based ones as well.

We have added a few new lists this week and expect to add more over the coming weeks.  Anyone can run a domain-based lookup on our web site for free, and users of our paid service can subscribe to alerts on these.

Your next blacklist summary email should reflect these new blacklists for any domain based monitors you have.

Main image courtesy of ivanpw