
Re: [Asrg] DNSBL BCP v.2.0

2007-02-20 17:21:23
At 13:22 08-02-2007, Nick Nicholas wrote:
> 1.2.  Guidance for DNSBL Users
>
>    When choosing to adopt a DNSBL, an administrator should keep the
>    following questions in mind:
>
>    1.  What is the intended use of the list?

DNSBLs don't always specify SMTP blocking as the intended use. Maybe this should be "What is the listing policy?"

>    7.  What are the demographics and quantity of the list's user base?

Such information is rarely published.  Point 8 is a better guideline.

> 2.1. Transparency.
>
>    A DNSBL SHOULD carefully describe the criteria which are the cause
>    for adding, and the criteria for removing an IP address or domain

Shouldn't this be a MUST so that the user has better guidance in choosing a DNSBL?

>    Availability of documentation concerning a DNSBL SHOULD NOT be
>    dependent on the continued operation of DNS for the DNSBL zone file.
>    In other words, if the DNSBL documentation is located at
>    http://example.com/dnsbl/, the documentation web site SHOULD remain
>    available even if the DNSBL zone file is not available. See also
>    Section 3.2

If a DNSBL ceases operations, the domain registration may lapse or else the web server may become unreachable. The above requirement is generally not followed.

> 3.2. Cessation of List Operations MUST Be Done in a Graceful Fashion.
>
>    When a DNSBL ceases operations and is taken out of circulation,
>    it MUST do so in a graceful manner so that it does not create
>    excessive DNS queries or list the entire Internet.
>
>    The recommended approach is to put the DNSBL in its own second
>    level domain, and then point the DNS NS records for that second
>    level domain to 127.255.255.255.  The TTL for that record should be
>    set at the maximum allowed period of one week.

Using a broadcast address may have unintended consequences. I suggest using 192.0.2.2.

Some DNSBL operators list the entire Internet because they keep receiving queries years after the DNSBL has ceased operation. It may be better to include a note for people implementing DNSBL features in their software to prevent such behavior. They could use a test point to determine whether the DNSBL is still active. This is the best way to avoid excessive DNS queries.

Regards,
-sm
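The "test point" check suggested in the message above, as an added example that is not part of this thread or of the draft: a DNSBL client first queries the conventional 127.0.0.2 test entry (which an active list answers) and the 127.0.0.1 control entry (which a sane list never answers), and stops consulting a zone that is dead or has started listing everything. The zone name bl.example, the resolver table and the sample address 192.0.2.99 are constructed for the example; the resolver is injected so the code runs offline.

```python
import ipaddress
from typing import Callable, Dict, Optional

# A resolver maps a query name to its A record, or None for NXDOMAIN.
ResolveFn = Callable[[str], Optional[str]]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the reversed-octet DNSBL lookup name for an IPv4 address."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(addr.exploded.split("."))) + "." + zone


def dnsbl_status(zone: str, resolve: ResolveFn) -> str:
    """Classify a DNSBL before trusting any of its answers.

    'active'    - 127.0.0.2 test point listed, 127.0.0.1 control not listed
    'dead'      - test point does not resolve: list has ceased, stop querying
    'lists-all' - control address is listed: zone answers for everything
    """
    if resolve(dnsbl_query_name("127.0.0.2", zone)) is None:
        return "dead"
    if resolve(dnsbl_query_name("127.0.0.1", zone)) is not None:
        return "lists-all"
    return "active"


def is_listed(ip: str, zone: str, resolve: ResolveFn) -> bool:
    """Consult the list only when the health check passes; otherwise fail
    open (treat as not listed) instead of rejecting all mail."""
    if dnsbl_status(zone, resolve) != "active":
        return False
    return resolve(dnsbl_query_name(ip, zone)) is not None


def make_resolver(table: Dict[str, str], wildcard: Optional[str] = None) -> ResolveFn:
    """Constructed offline resolver: fixed answers, optional catch-all."""
    return lambda name: table.get(name, wildcard)


# Three constructed zone behaviours (no network access in this example).
active_zone = make_resolver({"2.0.0.127.bl.example": "127.0.0.2",
                             "99.2.0.192.bl.example": "127.0.0.2"})
dead_zone = make_resolver({})                              # NXDOMAIN for everything
lists_all_zone = make_resolver({}, wildcard="127.0.0.2")  # answers for any name

if __name__ == "__main__":
    for label, r in (("active", active_zone), ("dead", dead_zone), ("lists-all", lists_all_zone)):
        print(label, dnsbl_status("bl.example", r), is_listed("192.0.2.99", "bl.example", r))
```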

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
