At 13:22 08-02-2007, Nick Nicholas wrote:
> 1.2. Guidance for DNSBL Users
> When choosing to adopt a DNSBL, an administrator should keep the
> following questions in mind:
> 1. What is the intended use of the list?

DNSBLs don't always specify SMTP blocking as the intended use. Maybe
this should be "What is the listing policy?"

> 7. What are the demographics and quantity of the list's user base?

Such information is rarely published. Point 8 is a better guideline.

> 2.1. Transparency.
> A DNSBL SHOULD carefully describe the criteria which are the cause
> for adding, and the criteria for removing an IP address or domain

Shouldn't this be a MUST so that the user has better guidance in
choosing a DNSBL?

> Availability of documentation concerning a DNSBL SHOULD NOT be
> dependent on the continued operation of DNS for the DNSBL zone file.
> In other words, if the DNSBL documentation is located at
> http://example.com/dnsbl/, the documentation web site SHOULD remain
> available even if the DNSBL zone file is not available. See also
> Section 3.2

If a DNSBL ceases operations, the domain registration may lapse or
else the web server is unreachable. The above requirement is
generally not followed.

> 3.2. Cessation of List Operations MUST Be Done in a Graceful Fashion.
> When a DNSBL ceases operations and is taken out of circulation,
> it MUST do so in a graceful manner so that it does not create
> excessive DNS queries or list the entire Internet.
> The recommended approach is to put the DNSBL in its own second
> level domain, and then point the DNS NS records for that second
> level domain to 127.255.255.255. The TTL for that record should be
> set at the maximum allowed period of one week.

Using a broadcast address may have unintended consequences. I
suggest using 192.0.2.2.

Some DNSBL operators list the entire Internet because they keep
receiving queries years after the DNSBL has ceased operation. It may
be better to include a note for people implementing DNSBL features in
their software to prevent such behavior. They could use a test point
to determine whether the DNSBL is still active. This is the best way
to avoid excessive DNS queries.

Regards,
-sm
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
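
The test-point check suggested in the reply above, as an added example that is not part of the original message or the draft under review. It assumes the common DNSBL convention that 127.0.0.2 is always listed and 127.0.0.1 never is; the zone name, function names and stub resolvers are constructed for illustration.

```python
import ipaddress
import socket

def query_name(ip, zone):
    """Reverse the IPv4 octets and append the DNSBL zone (9.2.0.192.zone)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """Return the A record for name, or None if it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:  # NXDOMAIN, SERVFAIL and timeouts all land here
        return None

def zone_status(zone, lookup=system_lookup):
    """Probe the test points: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    must_list = lookup(query_name("127.0.0.2", zone))
    must_not_list = lookup(query_name("127.0.0.1", zone))
    if must_not_list is not None:
        return "lists-everything"   # wildcarded zone: would reject all mail
    if must_list is None:
        return "dead"               # empty or unreachable: stop querying it
    return "active"

def is_listed(ip, zone, lookup=system_lookup):
    """Consult the list only if its test points say it is still active."""
    if zone_status(zone, lookup) != "active":
        return False                # fail open instead of trusting a dead list
    answer = lookup(query_name(ip, zone))
    return answer is not None and answer.startswith("127.")

# Constructed resolvers standing in for DNS so the example runs offline.
ZONE = "dnsbl.example.com"          # assumed zone name
HEALTHY = {"2.0.0.127." + ZONE: "127.0.0.2", "9.2.0.192." + ZONE: "127.0.0.2"}
healthy = HEALTHY.get               # answers only for entries it holds
wildcard = lambda name: "127.0.0.2" # shut-down list answering every query
dead = lambda name: None            # shut-down list answering nothing

if __name__ == "__main__":
    for label, fake in (("healthy", healthy), ("wildcard", wildcard), ("dead", dead)):
        print(label, zone_status(ZONE, fake), is_listed("192.0.2.9", ZONE, fake))
```

In a mail server the result of `zone_status` would be cached for a while, so the two probe queries are not repeated for every message.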