2006/02/22

How to check if an IP address is on a Realtime Block List

I have been puzzled for a long time about how to check if an IP address is listed in some famous RBLs. After playing around for several hours, I figured out that RBLs are running on DNS and nslookup or dig should be the interface to perform the query. That's true.

If spamhaus.org blacklists the IP address 218.19.1.220, it creates an "A" record for 220.1.19.218.bl.spamhaus.org (the octets of the address in reverse order, followed by the list's zone), and querying this name returns the IP address 127.0.0.2. Other DNSRBLs work on a similar mechanism. At the command line, it looks as follows:
# nslookup
> 220.1.19.218.bl.spamhaus.org
Server: 202.81.252.116
Address: 202.81.252.116#53

Non-authoritative answer:
220.1.19.218.bl.spamhaus.org canonical name = blocklist.address.is.wrong.spamhaus.org.
Name: blocklist.address.is.wrong.spamhaus.org
Address: 127.0.0.2

I found that dig is more useful for DNSBL queries. Using dig, I would type:
[root@i3way mail]# dig +short 220.1.19.218.relays.ordb.org A
and the response is 127.0.0.2
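
The lookup described above, wrapped in a small script as an added example that is not part of the original post: it builds the reversed query name, then interprets dig +short output, including the case where a CNAME target is printed before the address. The function names (dnsbl_name, dnsbl_verdict, dnsbl_check) are hypothetical, and the "unexpected" verdict assumes that DNSBL answers always fall in 127.0.0.0/8.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Build the DNSBL query name: reversed IPv4 octets followed by the list's zone.
dnsbl_name() {
    ip=$1; zone=$2
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                                 # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# Interpret `dig +short` output. If the name resolves through a CNAME, as in
# the nslookup session above, dig prints the CNAME target before the address,
# so lines that are not IPv4 addresses are skipped.
dnsbl_verdict() {
    verdict=clean                              # no A record: not listed
    while IFS= read -r line; do
        case $line in
            ''|*[!0-9.]*) ;;                   # blank line or CNAME target
            127.*.*.*) verdict=listed; break ;;
            *.*.*.*) verdict=unexpected ;;     # assumption: answers are in 127.0.0.0/8
        esac
    done <<EOF
$1
EOF
    printf '%s\n' "$verdict"
}

# Live lookup (needs network and dig): dnsbl_check 218.19.1.220 bl.spamhaus.org
dnsbl_check() {
    name=$(dnsbl_name "$1" "$2") || { echo "invalid IPv4 address: $1" >&2; return 2; }
    dnsbl_verdict "$(dig +short "$name" A)"
}

# Constructed sample of `dig +short` output for a listed address behind a CNAME.
sample='blocklist.address.is.wrong.spamhaus.org.
127.0.0.2'
dnsbl_name 218.19.1.220 bl.spamhaus.org
dnsbl_verdict "$sample"
```

An "unexpected" verdict usually means the resolver or the zone is answering every name, so it should not be treated as a listing.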
