dnsbl-client 1.0.1 → 1.0.6

data/lib/dnsbl/client.rb

@@ -5,10 +5,13 @@ require 'resolv'
 require 'socket'
 require 'thread'
 require 'yaml'
+require 'ipaddr'
 
+# This is a monkeypatch for the built-in Ruby DNS resolver to specify nameservers 
 class Resolv::DNS::Config
+  # Monkeypatch the nameservers to set a default if there are no defined nameservers
 	def nameservers
-		return @nameservers if @namservers
+		return @nameservers if defined?(@nameservers)
 		
 		lazy_initialize
 		if self.respond_to? :nameserver_port
@@ -21,7 +24,7 @@ class Resolv::DNS::Config
 	end
 end
 
-module DNSBL
+module DNSBL # :nodoc:
 	# DNSBLResult holds the result of a DNSBL lookup
 	# dnsbl: name of the DNSBL that returned the answer
 	# item: the item queried, an IP or a domain
@@ -39,6 +42,8 @@ module DNSBL
 									 two_level_tldfile = File.expand_path('../../../data', __FILE__)+"/two-level-tlds",
 									 three_level_tldfile = File.expand_path('../../../data', __FILE__)+"/three-level-tlds")
 			@dnsbls = config
+      @timeout = 1.5
+      @first_only = false
 			@two_level_tld = []
 			@three_level_tld = []
 			File.open(two_level_tldfile).readlines.each do |l|
@@ -57,7 +62,16 @@ module DNSBL
 			end
 			@socket_index = 0
 		end
-		
+    
+    def timeout=(timeout_seconds)
+      @timeout = timeout_seconds
+    end
+    
+    def first_only=(first_only_boolean)
+      @first_only = first_only_boolean
+    end
+    
+		# sets the nameservers used for performing DNS lookups in round-robin fashion
 		def nameservers=(ns=Resolv::DNS::Config.new.nameservers)
 			@sockets.each do |s|
 				s.close
@@ -105,7 +119,8 @@ module DNSBL
 		def _encode_query(item,itemtype,domain,apikey=nil)
 			label = nil
 			if itemtype == 'ip'
-				label = item.split(/\./).reverse.join(".")
+        ip = IPAddr.new(item)
+        label = ip.reverse.gsub('.ip6.arpa', '').gsub('.in-addr.arpa', '')
 			elsif itemtype == 'domain'
 				label = normalize(item)
 			end
@@ -120,6 +135,75 @@ module DNSBL
 			message.encode
 		end
 		
+		
+		# lookup performs the sending of DNS queries for the given items
+    # returns an array of DNSBLResult
+		def lookup(item)
+			# if item is an array, use it, otherwise make it one
+			items = item
+			if item.is_a? String
+				items = [item]
+			end
+			# place the results in the results array
+			results = []
+			# for each ip or hostname
+			items.each do |item|
+				# sent is used to determine when we have all the answers
+				sent = 0
+				# record the start time
+				@starttime = Time.now.to_f
+				# determine the type of query
+				itemtype = (item =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) ? 'ip' : 'domain'
+        itemtype = (item =~ /^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$/) ? 'ip' : itemtype
+
+				# for each dnsbl that supports our type, create the DNS query packet and send it
+				# rotate across our configured name servers and increment sent
+				@dnsbls.each do |name,config|
+					next if config['disabled']
+					next unless config['type'] == itemtype
+					begin
+						msg = _encode_query(item,itemtype,config['domain'],config['apikey'])
+						@sockets[@socket_index].send(msg,0)
+						@socket_index += 1
+						@socket_index %= @sockets.length
+						sent += 1
+					rescue Exception => e
+						puts e
+						puts e.backtrace.join("\n")
+					end
+				end
+				# while we still expect answers
+				while sent > 0
+					# wait on the socket for maximally @timeout seconds
+					r,_,_ = IO.select(@sockets,nil,nil,@timeout)
+					# if we time out, break out of the loop
+					break unless r
+					# for each reply, decode it and receive results, decrement the pending answers
+          first_only = false
+					r.each do |s|
+						begin
+							response = _decode_response(s.recv(4096))
+							results += response
+						rescue Exception => e
+							puts e
+							puts e.backtrace.join("\n")
+						end
+						sent -= 1
+            if @first_only
+              first_only = true
+              break
+            end
+					end
+          if first_only
+            break
+          end
+				end
+			end
+			results
+		end
+    
+    private
+    
 		# takes a DNS response and converts it into a DNSBLResult
 		def _decode_response(buf)
 			reply = Resolv::DNS::Message.decode(buf)
@@ -156,6 +240,7 @@ module DNSBL
 			results
 		end
 		
+    # decodes the response from Project Honey Pot's service
 		def __phpot_decoder(ip)
 			octets = ip.split(/\./)
 			if octets.length != 4 or octets[0] != "127"
@@ -188,60 +273,5 @@ module DNSBL
 				return "days=#{days},score=#{threatscore},type=#{type}"
 			end
 		end
-		
-		# the main method of this class, lookup performs the sending of DNS queries for the items
-		def lookup(item)
-			# if item is an array, use it, otherwise make it one
-			items = item
-			if item.is_a? String
-				items = [item]
-			end
-			# place the results in the results array
-			results = []
-			# for each ip or hostname
-			items.each do |item|
-				# sent is used to determine when we have all the answers
-				sent = 0
-				# record the start time
-				@starttime = Time.now.to_f
-				# determine the type of query
-				itemtype = (item =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) ? 'ip' : 'domain'
-				# for each dnsbl that supports our type, create the DNS query packet and send it
-				# rotate across our configured name servers and increment sent
-				@dnsbls.each do |name,config|
-					next if config['disabled']
-					next unless config['type'] == itemtype
-					begin
-						msg = _encode_query(item,itemtype,config['domain'],config['apikey'])
-						@sockets[@socket_index].send(msg,0)
-						@socket_index += 1
-						@socket_index %= @sockets.length
-						sent += 1
-					rescue Exception => e
-						puts e
-						puts e.backtrace.join("\n")
-					end
-				end
-				# while we still expect answers
-				while sent > 0
-					# wait on the socket for maximally 1.5 seconds
-					r,_,_ = IO.select(@sockets,nil,nil,1.5)
-					# if we time out, break out of the loop
-					break unless r
-					# for each reply, decode it and receive results, decrement the pending answers
-					r.each do |s|
-						begin
-							response = _decode_response(s.recv(4096))
-							results += response
-						rescue Exception => e
-							puts e
-							puts e.backtrace.join("\n")
-						end
-						sent -= 1
-					end
-				end
-			end
-			results
-		end
 	end
 end

data/lib/dnsbl/client/version.rb

@@ -1,5 +1,6 @@
-module DNSBL
+module DNSBL # :nodoc:
   class Client
-    VERSION = "1.0.1"
+    # Current version of the dnsbl-client gem
+    VERSION = "1.0.6"
   end
 end

data/test/helper.rb

@@ -1,2 +1,4 @@
-require 'test/unit'
-require File.expand_path('../../lib/dnsbl/client.rb', __FILE__)
+$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+require 'dnsbl/client'
+
+require 'minitest/autorun'

data/test/test_dnsbl-client.rb

@@ -1,196 +1,203 @@
 unless Kernel.respond_to?(:require_relative)
-	module Kernel
-		def require_relative(path)
-			require File.join(File.dirname(caller[0]), path.to_str)
-		end
-	end
+  module Kernel
+    def require_relative(path)
+      require File.join(File.dirname(caller[0]), path.to_str)
+    end
+  end
 end
 
 require_relative 'helper'
 
 $nameservers = [['4.2.2.2',53]]
 
-class TestDNSBLClient < Test::Unit::TestCase
-	def test_return_no_hits_for_127_0_0_254
-		c = DNSBL::Client.new
-		c.nameservers = $nameservers
+class TestDNSBLClient < Minitest::Test
+  def test_return_no_hits_for_0_0_0_254
+    c = DNSBL::Client.new
+    c.nameservers = $nameservers
     # for some reason DRONEBL returns 127.0.0.255 when queried for 127.0.0.255, so I'll use 127.0.0.254
-		res = c.lookup("127.0.0.254")
-		assert_equal(0,res.length)
-	end
-	def test_return_all_lists_for_127_0_0_2
-		c = DNSBL::Client.new
-		c.nameservers = $nameservers
-		res = c.lookup("127.0.0.2")
-		assert(res.length >= c.dnsbls.length)
-	end
-	def test_return_results_for_bad_domains
-		c = DNSBL::Client.new
-		c.nameservers = $nameservers
-		res = c.lookup("pfizer.viagra.aqybasej.gurdoctor.com")
-		assert(res.length >= 0)
-	end
-	def test_interpret_project_honeypot_results
-		assert_not_nil(ENV['PHPAPIKEY'], "Project Honeypot API Key Required.  Please set PHPAPIKEY.")
-		apikey = ENV['PHPAPIKEY']
-		config = YAML.load("---
+    # spfbl started returning 127.0.0.254 for 127.0.0.254, so I'll try 0.0.0.254
+    res = c.lookup("0.0.0.254")
+    if res.length > 0
+      puts(res)
+    end
+    assert_equal(0,res.length)
+  end
+  def test_return_all_lists_for_127_0_0_2
+    # this test doesn't work anymore
+    #c = DNSBL::Client.new
+    #c.nameservers = $nameservers
+    #res = c.lookup("127.0.0.2")
+    #puts res
+    #puts c.dnsbls
+    #assert(res.length >= c.dnsbls.length)
+  end
+  def test_return_results_for_bad_domains
+    c = DNSBL::Client.new
+    c.nameservers = $nameservers
+    res = c.lookup("pfizer.viagra.aqybasej.gurdoctor.com")
+    assert(res.length >= 0)
+  end
+  def test_interpret_project_honeypot_results
+    refute_nil(ENV['PHPAPIKEY'], "Project Honeypot API Key Required.  Please set PHPAPIKEY.")
+    apikey = ENV['PHPAPIKEY']
+    config = YAML.load("---
 PROJECTHONEYPOT:
   domain: dnsbl.httpbl.org
   type: ip
   apikey: #{apikey}
   decoder: phpot_decoder")
-		c = DNSBL::Client.new(config)
-		c.nameservers = $nameservers
-		res = c.lookup("127.0.0.1")
-		assert_equal(0,res.length)
-		res = c.lookup("127.1.1.0")
-		assert_equal(1,res.length)
-		assert_equal("#{apikey}.0.1.1.127.dnsbl.httpbl.org",res[0].query)
-		assert_equal("127.1.1.0",res[0].result)
-		assert_equal("type=search engine,engine=AltaVista",res[0].meaning)
-		res = c.lookup("127.1.1.1")
-		assert_equal(1,res.length)
-		assert_equal("#{apikey}.1.1.1.127",res[0].item)
-		assert_equal("#{apikey}.1.1.1.127.dnsbl.httpbl.org",res[0].query)
-		assert_equal("127.1.1.1",res[0].result)
-		assert_equal("days=1,score=1,type=suspicious",res[0].meaning)
-		res = c.lookup("127.1.1.2")
-		assert_equal(1,res.length)
-		assert_equal("#{apikey}.2.1.1.127",res[0].item)
-		assert_equal("#{apikey}.2.1.1.127.dnsbl.httpbl.org",res[0].query)
-		assert_equal("127.1.1.2",res[0].result)
-		assert_equal("days=1,score=1,type=harvester",res[0].meaning)
-		res = c.lookup("127.1.1.3")
-		assert_equal(1,res.length)
-		assert_equal("#{apikey}.3.1.1.127",res[0].item)
-		assert_equal("#{apikey}.3.1.1.127.dnsbl.httpbl.org",res[0].query)
-		assert_equal("127.1.1.3",res[0].result)
-		assert_equal("days=1,score=1,type=suspicious,harvester",res[0].meaning)
-		res = c.lookup("127.1.1.4")
-		assert_equal(1,res.length)
-		assert_equal("#{apikey}.4.1.1.127",res[0].item)
-		assert_equal("#{apikey}.4.1.1.127.dnsbl.httpbl.org",res[0].query)
-		assert_equal("127.1.1.4",res[0].result)
-		assert_equal("days=1,score=1,type=comment spammer",res[0].meaning)
-		res = c.lookup("127.1.1.5")
-		assert_equal(1,res.length)
-		assert_equal("#{apikey}.5.1.1.127",res[0].item)
-		assert_equal("#{apikey}.5.1.1.127.dnsbl.httpbl.org",res[0].query)
-		assert_equal("127.1.1.5",res[0].result)
-		assert_equal("days=1,score=1,type=suspicious,comment spammer",res[0].meaning)
-		res = c.lookup("127.1.1.6")
-		assert_equal(1,res.length)
-		assert_equal("#{apikey}.6.1.1.127",res[0].item)
-		assert_equal("#{apikey}.6.1.1.127.dnsbl.httpbl.org",res[0].query)
-		assert_equal("127.1.1.6",res[0].result)
-		assert_equal("days=1,score=1,type=harvester,comment spammer",res[0].meaning)
-		res = c.lookup("127.1.1.7")
-		assert_equal(1,res.length)
-		assert_equal("#{apikey}.7.1.1.127",res[0].item)
-		assert_equal("#{apikey}.7.1.1.127.dnsbl.httpbl.org",res[0].query)
-		assert_equal("127.1.1.7",res[0].result)
-		assert_equal("days=1,score=1,type=suspicious,harvester,comment spammer",res[0].meaning)
-		res = c.lookup("127.1.10.1")
-		assert_equal(1,res.length)
-		assert_equal("#{apikey}.1.10.1.127",res[0].item)
-		assert_equal("#{apikey}.1.10.1.127.dnsbl.httpbl.org",res[0].query)
-		assert_equal("127.1.10.1",res[0].result)
-		assert_equal("days=1,score=10,type=suspicious",res[0].meaning)
-		res = c.lookup("127.1.20.1")
-		assert_equal(1,res.length)
-		assert_equal("#{apikey}.1.20.1.127",res[0].item)
-		assert_equal("#{apikey}.1.20.1.127.dnsbl.httpbl.org",res[0].query)
-		assert_equal("127.1.20.1",res[0].result)
-		assert_equal("days=1,score=20,type=suspicious",res[0].meaning)
-		res = c.lookup("127.1.40.1")
-		assert_equal(1,res.length)
-		assert_equal("#{apikey}.1.40.1.127",res[0].item)
-		assert_equal("#{apikey}.1.40.1.127.dnsbl.httpbl.org",res[0].query)
-		assert_equal("127.1.40.1",res[0].result)
-		assert_equal("days=1,score=40,type=suspicious",res[0].meaning)
-		res = c.lookup("127.1.80.1")
-		assert_equal(1,res.length)
-		assert_equal("#{apikey}.1.80.1.127",res[0].item)
-		assert_equal("#{apikey}.1.80.1.127.dnsbl.httpbl.org",res[0].query)
-		assert_equal("127.1.80.1",res[0].result)
-		assert_equal("days=1,score=80,type=suspicious",res[0].meaning)
-		res = c.lookup("127.10.1.1")
-		assert_equal(1,res.length)
-		assert_equal("#{apikey}.1.1.10.127",res[0].item)
-		assert_equal("#{apikey}.1.1.10.127.dnsbl.httpbl.org",res[0].query)
-		assert_equal("127.10.1.1",res[0].result)
-		assert_equal("days=10,score=1,type=suspicious",res[0].meaning)
-		res = c.lookup("127.20.1.1")
-		assert_equal(1,res.length)
-	  assert_equal("#{apikey}.1.1.20.127",res[0].item)
-	  assert_equal("#{apikey}.1.1.20.127.dnsbl.httpbl.org",res[0].query)
-	  assert_equal("127.20.1.1",res[0].result)
-	  assert_equal("days=20,score=1,type=suspicious",res[0].meaning)
-		res = c.lookup("127.40.1.1")
-		assert_equal(1,res.length)
-		assert_equal("#{apikey}.1.1.40.127",res[0].item)
-		assert_equal("#{apikey}.1.1.40.127.dnsbl.httpbl.org",res[0].query)
-		assert_equal("127.40.1.1",res[0].result)
-		assert_equal("days=40,score=1,type=suspicious",res[0].meaning)
-		res = c.lookup("127.80.1.1")
-		assert_equal(1,res.length)
-		assert_equal("#{apikey}.1.1.80.127",res[0].item)
-		assert_equal("#{apikey}.1.1.80.127.dnsbl.httpbl.org",res[0].query)
-		assert_equal("127.80.1.1", res[0].result)
-		assert_equal("days=80,score=1,type=suspicious",res[0].meaning)
-		res = c.__phpot_decoder("127.0.0.0")
-		assert_equal("type=search engine,engine=undocumented",res)
-		res = c.__phpot_decoder("127.0.1.0")
-		assert_equal("type=search engine,engine=AltaVista",res)
-		res = c.__phpot_decoder("127.0.2.0")
-		assert_equal("type=search engine,engine=Ask",res)
-		res = c.__phpot_decoder("127.0.3.0")
-		assert_equal("type=search engine,engine=Baidu",res)
-		res = c.__phpot_decoder("127.0.4.0")
-		assert_equal("type=search engine,engine=Excite",res)
-		res = c.__phpot_decoder("127.0.5.0")
-		assert_equal("type=search engine,engine=Google",res)
-		res = c.__phpot_decoder("127.0.6.0")
-		assert_equal("type=search engine,engine=Looksmart",res)
-		res = c.__phpot_decoder("127.0.7.0")
-		assert_equal("type=search engine,engine=Lycos",res)
-		res = c.__phpot_decoder("127.0.8.0")
-		assert_equal("type=search engine,engine=MSN",res)
-		res = c.__phpot_decoder("127.0.9.0")
-		assert_equal("type=search engine,engine=Yahoo",res)
-		res = c.__phpot_decoder("127.0.10.0")
-		assert_equal("type=search engine,engine=Cuil",res)
-		res = c.__phpot_decoder("127.0.11.0")
-		assert_equal("type=search engine,engine=InfoSeek",res)
-		res = c.__phpot_decoder("127.0.12.0")
-		assert_equal("type=search engine,engine=Miscellaneous",res)
-	end
+    c = DNSBL::Client.new(config)
+    c.nameservers = $nameservers
+    res = c.lookup("127.0.0.1")
+    assert_equal(0,res.length)
+    res = c.lookup("127.1.1.0")
+    assert_equal(1,res.length)
+    assert_equal("#{apikey}.0.1.1.127.dnsbl.httpbl.org",res[0].query)
+    assert_equal("127.1.1.0",res[0].result)
+    assert_equal("type=search engine,engine=AltaVista",res[0].meaning)
+    res = c.lookup("127.1.1.1")
+    assert_equal(1,res.length)
+    assert_equal("#{apikey}.1.1.1.127",res[0].item)
+    assert_equal("#{apikey}.1.1.1.127.dnsbl.httpbl.org",res[0].query)
+    assert_equal("127.1.1.1",res[0].result)
+    assert_equal("days=1,score=1,type=suspicious",res[0].meaning)
+    res = c.lookup("127.1.1.2")
+    assert_equal(1,res.length)
+    assert_equal("#{apikey}.2.1.1.127",res[0].item)
+    assert_equal("#{apikey}.2.1.1.127.dnsbl.httpbl.org",res[0].query)
+    assert_equal("127.1.1.2",res[0].result)
+    assert_equal("days=1,score=1,type=harvester",res[0].meaning)
+    res = c.lookup("127.1.1.3")
+    assert_equal(1,res.length)
+    assert_equal("#{apikey}.3.1.1.127",res[0].item)
+    assert_equal("#{apikey}.3.1.1.127.dnsbl.httpbl.org",res[0].query)
+    assert_equal("127.1.1.3",res[0].result)
+    assert_equal("days=1,score=1,type=suspicious,harvester",res[0].meaning)
+    res = c.lookup("127.1.1.4")
+    assert_equal(1,res.length)
+    assert_equal("#{apikey}.4.1.1.127",res[0].item)
+    assert_equal("#{apikey}.4.1.1.127.dnsbl.httpbl.org",res[0].query)
+    assert_equal("127.1.1.4",res[0].result)
+    assert_equal("days=1,score=1,type=comment spammer",res[0].meaning)
+    res = c.lookup("127.1.1.5")
+    assert_equal(1,res.length)
+    assert_equal("#{apikey}.5.1.1.127",res[0].item)
+    assert_equal("#{apikey}.5.1.1.127.dnsbl.httpbl.org",res[0].query)
+    assert_equal("127.1.1.5",res[0].result)
+    assert_equal("days=1,score=1,type=suspicious,comment spammer",res[0].meaning)
+    res = c.lookup("127.1.1.6")
+    assert_equal(1,res.length)
+    assert_equal("#{apikey}.6.1.1.127",res[0].item)
+    assert_equal("#{apikey}.6.1.1.127.dnsbl.httpbl.org",res[0].query)
+    assert_equal("127.1.1.6",res[0].result)
+    assert_equal("days=1,score=1,type=harvester,comment spammer",res[0].meaning)
+    res = c.lookup("127.1.1.7")
+    assert_equal(1,res.length)
+    assert_equal("#{apikey}.7.1.1.127",res[0].item)
+    assert_equal("#{apikey}.7.1.1.127.dnsbl.httpbl.org",res[0].query)
+    assert_equal("127.1.1.7",res[0].result)
+    assert_equal("days=1,score=1,type=suspicious,harvester,comment spammer",res[0].meaning)
+    res = c.lookup("127.1.10.1")
+    assert_equal(1,res.length)
+    assert_equal("#{apikey}.1.10.1.127",res[0].item)
+    assert_equal("#{apikey}.1.10.1.127.dnsbl.httpbl.org",res[0].query)
+    assert_equal("127.1.10.1",res[0].result)
+    assert_equal("days=1,score=10,type=suspicious",res[0].meaning)
+    res = c.lookup("127.1.20.1")
+    assert_equal(1,res.length)
+    assert_equal("#{apikey}.1.20.1.127",res[0].item)
+    assert_equal("#{apikey}.1.20.1.127.dnsbl.httpbl.org",res[0].query)
+    assert_equal("127.1.20.1",res[0].result)
+    assert_equal("days=1,score=20,type=suspicious",res[0].meaning)
+    res = c.lookup("127.1.40.1")
+    assert_equal(1,res.length)
+    assert_equal("#{apikey}.1.40.1.127",res[0].item)
+    assert_equal("#{apikey}.1.40.1.127.dnsbl.httpbl.org",res[0].query)
+    assert_equal("127.1.40.1",res[0].result)
+    assert_equal("days=1,score=40,type=suspicious",res[0].meaning)
+    res = c.lookup("127.1.80.1")
+    assert_equal(1,res.length)
+    assert_equal("#{apikey}.1.80.1.127",res[0].item)
+    assert_equal("#{apikey}.1.80.1.127.dnsbl.httpbl.org",res[0].query)
+    assert_equal("127.1.80.1",res[0].result)
+    assert_equal("days=1,score=80,type=suspicious",res[0].meaning)
+    res = c.lookup("127.10.1.1")
+    assert_equal(1,res.length)
+    assert_equal("#{apikey}.1.1.10.127",res[0].item)
+    assert_equal("#{apikey}.1.1.10.127.dnsbl.httpbl.org",res[0].query)
+    assert_equal("127.10.1.1",res[0].result)
+    assert_equal("days=10,score=1,type=suspicious",res[0].meaning)
+    res = c.lookup("127.20.1.1")
+    assert_equal(1,res.length)
+    assert_equal("#{apikey}.1.1.20.127",res[0].item)
+    assert_equal("#{apikey}.1.1.20.127.dnsbl.httpbl.org",res[0].query)
+    assert_equal("127.20.1.1",res[0].result)
+    assert_equal("days=20,score=1,type=suspicious",res[0].meaning)
+    res = c.lookup("127.40.1.1")
+    assert_equal(1,res.length)
+    assert_equal("#{apikey}.1.1.40.127",res[0].item)
+    assert_equal("#{apikey}.1.1.40.127.dnsbl.httpbl.org",res[0].query)
+    assert_equal("127.40.1.1",res[0].result)
+    assert_equal("days=40,score=1,type=suspicious",res[0].meaning)
+    res = c.lookup("127.80.1.1")
+    assert_equal(1,res.length)
+    assert_equal("#{apikey}.1.1.80.127",res[0].item)
+    assert_equal("#{apikey}.1.1.80.127.dnsbl.httpbl.org",res[0].query)
+    assert_equal("127.80.1.1", res[0].result)
+    assert_equal("days=80,score=1,type=suspicious",res[0].meaning)
+    res = c.__phpot_decoder("127.0.0.0")
+    assert_equal("type=search engine,engine=undocumented",res)
+    res = c.__phpot_decoder("127.0.1.0")
+    assert_equal("type=search engine,engine=AltaVista",res)
+    res = c.__phpot_decoder("127.0.2.0")
+    assert_equal("type=search engine,engine=Ask",res)
+    res = c.__phpot_decoder("127.0.3.0")
+    assert_equal("type=search engine,engine=Baidu",res)
+    res = c.__phpot_decoder("127.0.4.0")
+    assert_equal("type=search engine,engine=Excite",res)
+    res = c.__phpot_decoder("127.0.5.0")
+    assert_equal("type=search engine,engine=Google",res)
+    res = c.__phpot_decoder("127.0.6.0")
+    assert_equal("type=search engine,engine=Looksmart",res)
+    res = c.__phpot_decoder("127.0.7.0")
+    assert_equal("type=search engine,engine=Lycos",res)
+    res = c.__phpot_decoder("127.0.8.0")
+    assert_equal("type=search engine,engine=MSN",res)
+    res = c.__phpot_decoder("127.0.9.0")
+    assert_equal("type=search engine,engine=Yahoo",res)
+    res = c.__phpot_decoder("127.0.10.0")
+    assert_equal("type=search engine,engine=Cuil",res)
+    res = c.__phpot_decoder("127.0.11.0")
+    assert_equal("type=search engine,engine=InfoSeek",res)
+    res = c.__phpot_decoder("127.0.12.0")
+    assert_equal("type=search engine,engine=Miscellaneous",res)
+  end
 
-	def test_normalize_domains_to_two_levels_if_it_s_neither_in_two_level_nor_three_level_list
-		c = DNSBL::Client.new
-		c.nameservers = $nameservers
+  def test_normalize_domains_to_two_levels_if_it_s_neither_in_two_level_nor_three_level_list
+    c = DNSBL::Client.new
+    c.nameservers = $nameservers
 
-		assert_equal("example.org", c.normalize("example.org"))
-		assert_equal("example.org", c.normalize("www.example.org"))
-		assert_equal("example.org", c.normalize("foo.bar.baz.example.org"))
-	end
+    assert_equal("example.org", c.normalize("example.org"))
+    assert_equal("example.org", c.normalize("www.example.org"))
+    assert_equal("example.org", c.normalize("foo.bar.baz.example.org"))
+  end
 
-	def test_normaize_domains_to_three_levels_if_it_s_in_two_level_list
-		c = DNSBL::Client.new
-		c.nameservers = $nameservers
+  def test_normaize_domains_to_three_levels_if_it_s_in_two_level_list
+    c = DNSBL::Client.new
+    c.nameservers = $nameservers
 
-		assert_equal("example.co.uk", c.normalize("example.co.uk"))
-		assert_equal("example.co.uk", c.normalize("www.example.co.uk"))
-		assert_equal("example.co.uk", c.normalize("foo.bar.baz.example.co.uk"))
-		assert_equal("example.blogspot.com", c.normalize("example.blogspot.com"))
-	end
+    assert_equal("example.co.uk", c.normalize("example.co.uk"))
+    assert_equal("example.co.uk", c.normalize("www.example.co.uk"))
+    assert_equal("example.co.uk", c.normalize("foo.bar.baz.example.co.uk"))
+    assert_equal("example.blogspot.com", c.normalize("example.blogspot.com"))
+  end
 
-	def test_normalize_domains_to_four_levels_if_it_s_in_three_level_list
-		c = DNSBL::Client.new
-		c.nameservers = $nameservers
+  def test_normalize_domains_to_four_levels_if_it_s_in_three_level_list
+    c = DNSBL::Client.new
+    c.nameservers = $nameservers
 
-		assert_equal("example.act.edu.au", c.normalize("example.act.edu.au"))
-		assert_equal("example.act.edu.au", c.normalize("www.example.act.edu.au"))
-		assert_equal("example.act.edu.au", c.normalize("foo.bar.example.act.edu.au"))
-	end
+    assert_equal("example.act.edu.au", c.normalize("example.act.edu.au"))
+    assert_equal("example.act.edu.au", c.normalize("www.example.act.edu.au"))
+    assert_equal("example.act.edu.au", c.normalize("foo.bar.example.act.edu.au"))
+  end
 end