Take "hotoptions.net" for example. It's impossible to lock them out.
Do a ping, tracerout, lookup, whatever... It all resolves to
"127.0.0.1". How? These spammers own their own registry.
; <<>> DiG 2.1 <<>> @ns1.earthlink.net hotoptions.net. ANY
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr rd ra; Ques: 1, Ans: 4, Auth: 2, Addit: 0
;; QUESTIONS:
;; hotoptions.net, type = ANY, class = IN
;; ANSWERS:
hotoptions.net. 2533 SOA ns1.directnic.com.
hostmaster.hotoptions.net. (
1047487529 serial
16384 refresh (4 hours 33 mins 4 secs)
2048 retry (34 mins 8 secs)
1048576 expire (12 days 3 hours 16 mins 16 secs)
2560 ) minimum (42 mins 40 secs)
hotoptions.net. 61942 A 127.0.0.1
hotoptions.net. 86373 NS ns0.directnic.com.
hotoptions.net. 86373 NS ns1.directnic.com.
;; AUTHORITY RECORDS:
hotoptions.net. 86373 NS ns0.directnic.com.
hotoptions.net. 86373 NS ns1.directnic.com.
;; Total query time: 12 msec
;; FROM: us.mirror.menandmice.com to SERVER: ns1.earthlink.net 207.217.126.41
;; WHEN: Wed Mar 12 09:51:44 2003
;; MSG SIZE sent: 32 rcvd: 172
