Issues Caused by Spamhaus
In April 2018, BDNS experienced a wave of suspensions: 7 domain names were abruptly un-delegated and 1 API server was shut down and its account suspended under the accusation of "TOS violation". No prior notices were received.
Thanks to the redundancy, browser addons continued to work despite this event, only displaying occasional informational messages about unreachable resolver (and automatically retrying).
We are not a Botnet Controller
We have been reported that the domain name(s) 'bdns.name, bdns.tv', under your
control, are involved in propagating malware over the internet.
These domain name(s) are used to control infected computers (bots) using a so
called "botnet controller".
Please note, such activities are against our AUP.
Hence, we have suspended the domain name(s).
The first link read as follows (the second was entirely irrelevant):
Archived SBL Listing for SBL396825
126.96.36.199/32 was listed on the Spamhaus Block List - SBL
188.8.131.52/32 was listed on the Spamhaus Botnet Controller List - BCL
2018-03-30 16:43:11 GMT | solarcom.ch
QuantLoader botnet controller @184.108.40.206
The host at this IP address is obviously operated by cybercriminals.
It is running a malware botnet controller which is being used to control
infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 220.127.116.11 on port 443 TCP:
$ telnet 18.104.22.168 443
Connected to 22.214.171.124.
Escape character is '^]'
$ nslookup 126.96.36.199
Other malicious domain names hosted on this IP address:
Referencing malware binaries:
13cfcb457cf08fc9d7356bdf2202eb7b - AV detection: 32/68 (47.06%)
5dae8c502582fe89fb1c83e3b4c0866e - AV detection: 11/68 (16.18%)
62b504d59b6e877dbd9fe49dc01fceae - AV detection: 4/66 (6.06%)
7b1caff26936d4d50ea146b08c7a3574 - AV detection: 18/68 (26.47%)
92769328e49f5c5cdd4d3967c8081a6b - AV detection: 8/64 (12.50%)
993e99d8463a42df283121864ec9d66f - AV detection: 18/66 (27.27%)
This made as much sense as banning root DNS servers because they propagate IPs of malware hubs to anyone who can do nslookup.
Of course, Spamhaus cared about this reasoning not at all:
We have reviewed the DBL listing for bdns[.]name and decided that
we will retain that listing at this time. We do not discuss criteria
for inclusion in DBL, however it includes many factors. Your domain
matches several of those criteria.
DBL listings expire over time, so if our systems do not see your
domain for a while it will drop out of DBL zone. Many factors which
affect your domain's reputation may also change over time, so by
engaging in good reputation practices it will eventually drop out of
DBL. For more information, please see DBL FAQ "Why is my domain listed
in DBL?" http://www.spamhaus.org/faq/section/Spamhaus%20DBL#371
The hosting company (solarcom.ch, with their numerous aliases - cloudc.me, incloudibly.net, coinshost.com and others) while agreeing this was not a ToS violation per se, promised to issue a refund but that never happened.
Measures were taken to disperse the infrastructure even further (kudos, prq). However, because some ISPs use Spamhaus blocklists to "protect" users, BDNS may be still unreachable in those parts of the world.
Find up-to-date list of domain names at GitHub.