At 11:44 PM -0500 2/8/07, Matt Sergeant wrote:

> On 8-Feb-07, at 11:21 PM, Douglas Otis wrote:
>
>>> 3.3. Content of DNSBL Zone File SHOULD Be Limited.
>>>
>>> The DNSBL "query root" SHOULD be below the registered domain, so
>>> that the DNSBL information is not conflated with domain housekeeping
>>> information (e.g., name server, MX or SPF records). By using this
>>> approach, DNSBL queries would take the form of
>>> "<query>.dnsbl.example.com" rather than "<query>.example.com".
>>
>> This would be a problem only when zone transfers are used to distribute
>
> ... which covers all public DNSBLs, surely?
I think not. DNSBL operators seem to be very fond of rbldnsd, which
does not implement zone transfers. I can't speak for how Spamhaus
moves zones to its authoritative servers or in from primary sources
like the CBL, but their data feeds to big users are via rsync of

HOWEVER, Mr. Otis is missing a more important aspect.

Putting a DNSBL right on a registered domain means that the roots for
the registry-level domain (i.e. the gtld-servers.net machines for a
.com) can be put in a bad spot for a shutdown. The recommended
shutdown procedure (as well as simply wiping out the zone) leaves any
ongoing DNS burden primarily on the nameservers for the parent zone
of the DNSBL, and it would be bad for DNSBL operators to dump that on
Asrg mailing list
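The draft text quoted in this thread describes the query-name form "<query>.dnsbl.example.com" without spelling out how <query> is built or how to check that a query root really sits below the registered domain. The following Python is an added example written for this archive page; it is not code from the draft, from any DNSBL operator, or from the thread's participants. It assumes the usual DNSBL convention of reversing IPv4 octets (and, for IPv6, the 32 hex nibbles) in front of the query root, and uses constructed addresses and names (192.0.2.1, 2001:db8::1, dnsbl.example.com) that exist only for illustration.

```python
import ipaddress


def dnsbl_query_name(addr: str, query_root: str) -> str:
    """Build the DNSBL lookup name for an IP address under query_root.

    IPv4: the four octets are reversed, so 192.0.2.1 queried under
          dnsbl.example.com becomes 1.2.0.192.dnsbl.example.com.
    IPv6: the address is expanded to 32 hex nibbles, reversed, and
          each nibble becomes one label (the DNSBL convention; this
          is an assumption of the example, not text from the thread).
    Raises ValueError for anything that is not an IP address, so a
    caller cannot accidentally send arbitrary text into the zone.
    """
    ip = ipaddress.ip_address(addr)  # ValueError on garbage input
    if ip.version == 4:
        labels = str(ip).split(".")[::-1]
    else:
        labels = list(ip.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + query_root.rstrip(".").lower() + "."


def is_below_registered_domain(query_root: str, registered_domain: str) -> bool:
    """True only if query_root is a proper subdomain of registered_domain.

    This is the check behind the draft's SHOULD: a query root equal to the
    registered domain (the apex, where NS/MX/SPF housekeeping records live)
    fails; dnsbl.example.com under example.com passes.
    """
    qr = query_root.rstrip(".").lower()
    rd = registered_domain.rstrip(".").lower()
    return qr != rd and qr.endswith("." + rd)


def plan_query(addr: str, query_root: str, registered_domain: str) -> dict:
    """Combine the two checks into one result a resolver wrapper could act on.

    Returns the query name plus a flag telling the caller whether the
    configured root keeps DNSBL data out of the registered domain's apex.
    """
    return {
        "qname": dnsbl_query_name(addr, query_root),
        "root_is_separate": is_below_registered_domain(query_root, registered_domain),
    }


if __name__ == "__main__":
    # Constructed sample values for a stand-alone run.
    for root in ("dnsbl.example.com", "example.com"):
        print(plan_query("192.0.2.1", root, "example.com"))
    print(dnsbl_query_name("2001:db8::1", "dnsbl.example.com"))
```

Running the block with the two roots side by side shows the difference the draft is after: the same lookup lands at 1.2.0.192.dnsbl.example.com. under a dedicated root, but at 1.2.0.192.example.com. when the root is the registered domain itself, and only the first configuration passes `is_below_registered_domain`.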