Re: [Asrg] DNSBL BCP v.2.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SM wrote:

At 13:22 08-02-2007, Nick Nicholas wrote:

   7.  What are the demographics and quantity of the list's user base?


Such information is rarely published.  Point 8 is a better guideline.


I think the intent here is not that the DNSBL publishes it (they often
don't know), but the user should consider this - eg: do other site like
me use it?

2.1. Transparency.

   A DNSBL SHOULD carefully describe the criteria which are the cause
   for adding, and the criteria for removing an IP address or domain


Shouldn't this be a MUST so that the user has better guidance in
choosing a DNSBL?


This is compromise wording.  Some DNSBLs can't publish full criteria,
because that would allow spammers to avoid it.  Rather than get into
quibbles over what constitutes "criteria", soften it a bit to SHOULD.

3.2. Cessation of List Operations MUST Be Done in a Graceful Fashion.

   When a DNSBL ceases operations and is taken out of circulation,
   it MUST do so in a graceful manner so that it does not create
   excessive DNS queries or list the entire Internet.

   The recommended approach is to put the DNSBL in its own second
   level domain, and then point the DNS NS records for that second
   level domain to 127.255.255.255.  The TTL for that record should be
   set at the maximum allowed period of one week.


Using a broadcast address may have unintended consequences.  I suggest
using 192.0.2.2.


Which would have lower risk?  Somewhere in upper 127, or 192.0?


Some DNSBL operators list the entire Internet because they keep
receiving queries years after the DNSBL has ceased operation.  It may be
better to include a note for people implementing DNSBL features in their
software to prevent such behavior.  They could use a test point to
determine whether the DNSBL is still active.  This is the best way to
avoid excessive DNS queries.


Part of the issue about this is John's DNSBL protocol BCP.  We perhaps
shouldn't get too far into detail of this, unless we subsume John's.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iQCVAwUBRduchp3FmCyJjHfhAQJ3uAQAuFz0JHNFxpIOCu7gPx+KbkVxRlpMMwE1
PmYHHosCe0Ms3+k41kXRJJ1dzHlG2GrO6oK9NF55Ow1QRVb6qor8kIz3eNlCB5Cy
jQnQgaKjJ2btpS6hgU9q0efZpgzYPBefqXsPJRJuzod9YI9NKv8dJ09/Ahcem2tX
3EzE6yVDSnA=
=PVIH
-----END PGP SIGNATURE-----

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [Asrg] Re: DNSBL BCP v.2.0, (continued) Message not available Re: [Asrg] Re: DNSBL BCP v.2.0, Matt Sergeant Message not available Re: [Asrg] Re: DNSBL BCP v.2.0, Matt Sergeant Message not available Re: [Asrg] Re: DNSBL BCP v.2.0, Chris Lewis Re: [Asrg] Re: DNSBL BCP v.2.0, Daniel Feenberg Re: [Asrg] DNSBL BCP v.2.0, Tony Finch Re: [Asrg] DNSBL BCP v.2.0, Matt Sergeant Re: [Asrg] DNSBL BCP v.2.0, Daniel Feenberg Re: [Asrg] DNSBL BCP v.2.0, Matt Sergeant Re: [Asrg] DNSBL BCP v.2.0, Bill Cole Message not available Re: [Asrg] DNSBL BCP v.2.0, SM Re: [Asrg] DNSBL BCP v.2.0, Chris Lewis <= Re: [Asrg] DNSBL BCP v.2.0, Al Iverson Re: [Asrg] DNSBL BCP v.2.0, SM Re: [Asrg] DNSBL BCP v.2.0, Chris Lewis Re: [Asrg] DNSBL BCP v.2.0, SM