Black lists are used in the context of email to define the IP addresses or netblocks of well-known sources of SPAM. DNSBL defines a method of using standard DNS zone files to store such IP addresses. Standard DNS A RR queries are used to interrogate the black list, which is organised as a reverse-mapping zone file: the octets of the IP address being checked are reversed and the list's domain name is appended to form the query name. Assuming the black list is held at the domain name blacklist.example.com, the process works as follows:
The following shows a black list zone file fragment (zone file comments use `;`, not `#`):

$TTL 2d ; default RR TTL
$ORIGIN blacklist.example.com.
@              IN SOA ns1.example.com. hostmaster.example.com. (
                        2003080800 ; se = serial number
                        3h         ; ref = refresh
                        15m        ; ret = update retry
                        3w         ; ex = expiry
                        3h         ; min = minimum
                        )
               IN NS  ns1.example.com.
               IN NS  ns2.example.com.
; black list records - using origin substitution rule
; order not important other than for local usage reasons
; by convention this address should be listed to allow for external testing
2.0.0.127      IN A   127.0.0.2
; black list RRs
135.2.168.192  IN A   127.0.0.2 ; or some specific result code address
               IN TXT "Optional - Some explanation for black listing"
; the above entries expand to 135.2.168.192.blacklist.example.com
...
135.17.168.192 IN A   127.0.0.2 ; generic list
...
Note: An A RR for the address 127.0.0.2, by convention, should always be present in any DNSBL system to allow for external testing and confirmation of operation - bear in mind, however, that spammers may also use this knowledge to mount DoS attacks on the DNSBL.
There is no standard, or even consensus, usage of the address returned by the DNS A RR query other than that it lies in the netblock 127/8 (127.0.0.0 - 127.255.255.255). In most cases email software which uses DNSBL access will return a failing code if any address is returned (that is, the IP is in the list). When reviewing a number of DNSBL web sites, the meaning of their return codes was not easily identifiable. The following is the meaning of the returned address when using the SORBS black list:

127.0.0.2 - Open HTTP Proxy Server (http.dnsbl.sorbs.net)
127.0.0.3 - Open SOCKS Proxy Server (socks.dnsbl.sorbs.net)
127.0.0.4 - Open Proxy Server not listed in the SOCKS or HTTP lists (misc.dnsbl.sorbs.net)
127.0.0.5 - Open SMTP relay server (smtp.dnsbl.sorbs.net)
127.0.0.6 - Hosts sending spam/UCE/UBE to SORBS, netblocks of spam supporting service providers (list.spam.dnsbl.sorbs.net)
127.0.0.7 - Web servers with email vulnerabilities (e.g. FormMail scripts) (web.dnsbl.sorbs.net)
127.0.0.8 - Hosts demanding not to be tested by SORBS (block.dnsbl.sorbs.net)
127.0.0.9 - Networks hijacked from original owners (zombie.dnsbl.sorbs.net)
127.0.0.10 - Dynamic IP Address ranges (dul.dnsbl.sorbs.net)
127.0.0.11 - Domain names with bad A or MX RRs (badconf.rhsbl.sorbs.net)
127.0.0.12 - Domain names with no email originating (nomail.rhsbl.sorbs.net)
While the terminology - DNSBL - defines the above to be a black list, there is nothing to stop the same format being used as, say, a white list keyed on the IP addresses of trusted SMTP agents, to speed up handling of incoming mail (always assuming your favorite mail software supports such a concept and format). Further, by prepending domain names or full email addresses instead of reversed IP addresses, such a white list may be even more useful. For example, assume the following zone file fragment for whitelist.example.com (or even vhost.whitelist.example.com for virtual hosted sites):

$TTL 2d ; default RR TTL
$ORIGIN whitelist.example.com.
...
; white list records - using origin substitution rule
; order not important other than for local usage reasons
; normal whitelist RRs
; by convention this address should be listed to allow for external testing
2.0.0.127      IN A   127.0.0.2
; white list RRs
135.2.168.192  IN A   127.0.0.2 ; or some specific result code address
               IN TXT "Optional - Some explanation for white listing"
; the above entries expand to 135.2.168.192.whitelist.example.com
...
135.17.168.192 IN A   127.0.0.2 ; generic list
...
; name based RRs for white listing
friend.com     IN A   127.0.0.1 ; all domain email addresses
; expands to friend.com.whitelist.example.com
joe@my.my      IN A   127.0.0.2 ; single address
; expands to joe@my.my.whitelist.example.com
...
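The query construction described above (reversed octets plus the list's domain), the interpretation of the 127/8 answer using the SORBS code table, the conventional 127.0.0.2 liveness entry and the name-keyed white list lookup, brought together in one added example. This is not code from the page or from any DNSBL operator; it resolves against a constructed in-memory copy of the two zone fragments so it runs offline (FAKE_ZONES, fake_resolve, lookup, check_ip, check_name and list_is_alive are all names assumed here), with an optional live_resolve that uses the system resolver.

```python
import ipaddress
import socket

# Constructed, in-memory stand-in for the blacklist.example.com and
# whitelist.example.com zone fragments shown on the page. Keys are the owner
# names relative to $ORIGIN; values are (A record, optional TXT record).
# Assumption for offline use only: a real client queries DNS instead.
FAKE_ZONES = {
    "blacklist.example.com": {
        "2.0.0.127": ("127.0.0.2", None),      # conventional test entry
        "135.2.168.192": ("127.0.0.2", "Optional - Some explanation for black listing"),
        "135.17.168.192": ("127.0.0.2", None),
    },
    "whitelist.example.com": {
        "2.0.0.127": ("127.0.0.2", None),
        "135.2.168.192": ("127.0.0.2", None),
        "friend.com": ("127.0.0.1", None),     # name-keyed entry, whole domain
        "joe@my.my": ("127.0.0.2", None),      # name-keyed entry, single address
    },
}

# Return-code meanings as documented for the SORBS lists (from the page).
SORBS_CODES = {
    "127.0.0.2": "Open HTTP Proxy Server",
    "127.0.0.3": "Open SOCKS Proxy Server",
    "127.0.0.4": "Open Proxy Server not listed in the SOCKS or HTTP lists",
    "127.0.0.5": "Open SMTP relay server",
    "127.0.0.6": "Hosts sending spam/UCE/UBE, netblocks of spam supporting providers",
    "127.0.0.7": "Web servers with email vulnerabilities (e.g. FormMail scripts)",
    "127.0.0.8": "Hosts demanding not to be tested by SORBS",
    "127.0.0.9": "Networks hijacked from original owners",
    "127.0.0.10": "Dynamic IP Address ranges",
    "127.0.0.11": "Domain names with bad A or MX RRs",
    "127.0.0.12": "Domain names with no email originating",
}

LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_name(ip, zone):
    """Build the query name: octets reversed, then the list's domain appended."""
    addr = ipaddress.IPv4Address(ip)  # rejects malformed or non-IPv4 input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def fake_resolve(qname):
    """Offline lookup against FAKE_ZONES; returns (a, txt) or None (NXDOMAIN)."""
    for zone, records in FAKE_ZONES.items():
        suffix = "." + zone
        if qname.endswith(suffix):
            return records.get(qname[: -len(suffix)])
    return None


def live_resolve(qname):
    """Real A lookup through the system resolver (no TXT); None when not listed."""
    try:
        return socket.gethostbyname(qname), None
    except socket.gaierror:
        return None


def lookup(qname, resolve=fake_resolve):
    """Query a DNSBL/white list name and interpret the answer."""
    result = resolve(qname)
    if result is None:
        return {"name": qname, "listed": False}
    code, txt = result
    # An answer outside 127/8 is not a DNSBL result; flag it as a broken or
    # hijacked list rather than accepting or rejecting mail on it.
    if ipaddress.IPv4Address(code) not in LOOPBACK:
        raise ValueError(f"unexpected DNSBL answer {code} for {qname}")
    return {
        "name": qname,
        "listed": True,
        "code": code,
        "meaning": SORBS_CODES.get(code, "listed (meaning is list-specific)"),
        "reason": txt,
    }


def check_ip(ip, zone="blacklist.example.com", resolve=fake_resolve):
    """Reverse-octet lookup of an IP address in an address-keyed list."""
    return lookup(dnsbl_name(ip, zone), resolve)


def check_name(name, zone="whitelist.example.com", resolve=fake_resolve):
    """Lookup of a domain or full address in a name-keyed white list."""
    return lookup(name + "." + zone, resolve)


def list_is_alive(zone, resolve=fake_resolve):
    """The conventional 127.0.0.2 entry must answer; if not, treat the list as broken."""
    return check_ip("127.0.0.2", zone, resolve)["listed"]


if __name__ == "__main__":
    for ip in ("192.168.2.135", "192.168.17.135", "192.0.2.10"):
        print(check_ip(ip))
    print(check_name("friend.com"), check_name("joe@my.my"))
```

Checking the 127.0.0.2 entry before trusting a "not listed" answer matters in practice: a list whose zone has been withdrawn returns NXDOMAIN for everything, which looks identical to "clean" unless the liveness entry is checked, and a lapsed domain that starts answering wildcard A records outside 127/8 would otherwise mark every sender as listed.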
DECLUDE maintains a page listing many known DNSBL-format black lists.
Copyright © 2003 - 2019 NetWidget, Inc. All rights reserved.
Page modified: July 11 2011.