nanog mailing list archives
Re: what the heck do i do now?
From: "Andrew - Supernews" <andrew () supernews net>
Date: Mon, 05 Feb 2007 02:36:10 +0000
"Warren" == Warren Kumari <warren () kumari net> writes:
Warren> Sure, but if we could all agree that 127.255.255.255 (or Warren> something) means that the BL has been shutdown then in the Warren> future this sort of issue could be mitigated. You don't need to agree on something - it's already possible to apply automated checks to a DNSBL that detect all known methods of shutting it down. Applying these same checks in configuration tools would also prevent users specifying things which are not live DNSBLs, thus avoiding a lot of excess query load on nameservers that just happen to serve domains that have been mistaken for DNSBLs. The algorithm is very simple: - if 1.0.0.127.dnsbl.example. is not NXDOMAIN, this is a hard failure. - if 2.0.0.127.dnsbl.example. is NXDOMAIN or SERVFAIL, or lacks an A record, or has an A record which is not 127.x.x.x, then this is a soft failure. - otherwise the test passes. DNSBLs that soft-fail should be removed from use but continue to be tested regularly, and at least optionally added back automatically if they pass within a reasonable period (days, say) of failing - after that they should be treated as hard failures and removed completely. Warren> Yes, this doesn't fix Paul's problem (or anyone who setup a Warren> blacklist before this is standardized) and there is no way to Warren> enforce this, but it is bunch better than not doing Warren> anything... It has been possible all along, so why aren't people doing it already? -- Andrew, Supernews http://www.supernews.com
Current thread:
- Re: what the heck do i do now?, (continued)
- Re: what the heck do i do now? Stephane Bortzmeyer (Feb 06)
- Re: what the heck do i do now? Jon Lewis (Feb 06)
- Re: what the heck do i do now? Jon Lewis (Feb 01)
- Re: what the heck do i do now? Barry Shein (Feb 01)
- Re: what the heck do i do now? Matthew Sullivan (Feb 01)
- Re: what the heck do i do now? Ken Eddings (Feb 01)
- Re: what the heck do i do now? Jay Hennigan (Feb 01)
- Re: what the heck do i do now? Simon Lyall (Feb 04)
- Re: what the heck do i do now? Jon Lewis (Feb 04)
- Re: what the heck do i do now? Warren Kumari (Feb 04)
- Re: what the heck do i do now? Andrew - Supernews (Feb 04)
- Re: what the heck do i do now? Matthew Sullivan (Feb 05)
- Re: what the heck do i do now? Andrew Kirch (Feb 05)
- Re: what the heck do i do now? Simon Lyall (Feb 04)