Testing DQS
Querying DQS means performing DNS queries, therefore testing access to it requires relying on tools that can perform DNS queries at request.
One of the most common tools for this purpose is -in the UNIX environment- dig, and the following documentation will rely on it for the examples.
For testing purposes, all the databases containing IP data list the IP 127.0.0.2, so the easiest way to check that a DQS key is working properly is querying for that IP against the desired DNSBL zone. For example:
$ dig ANY 2.0.0.127.<key>.zen.dq.spamhaus.net +noall +answer
; <<>> DiG 9.10.6 <<>> ANY 2.0.0.127.<key>.zen.dq.spamhaus.net +noall +answer
;; global options: +cmd
2.0.0.127.<key>.zen.dq.spamhaus.net. 60 IN A 127.0.0.10
2.0.0.127.<key>.zen.dq.spamhaus.net. 60 IN A 127.0.0.2
2.0.0.127.<key>.zen.dq.spamhaus.net. 60 IN A 127.0.0.4
2.0.0.127.<key>.zen.dq.spamhaus.net. 60 IN TXT "https://www.spamhaus.org/query/ip/127.0.0.2"
2.0.0.127.<key>.zen.dq.spamhaus.net. 60 IN TXT "https://www.spamhaus.org/sbl/query/SBL2"
You may note that in the example above we’re performing a query for type ANY: this will, in general, return both the A and the TXT records.
In particular, the query against ZEN is returning
3
Arecords, one for each database composing the ZEN zone127.0.0.2for the SBL database127.0.0.4for the XBL database127.0.0.10for the PBL database
2
TXTrecordsone pointing to the public lookup and removal tool (
https://www.spamhaus.org/query/ip/127.0.0.2), provided by the XBL and PBL componentsone containing the pointer to the listing information provided for this IP, provided by the SBL component