ietf-asrg
[Top] [All Lists]

Re: [Asrg] DNSBL BCP v.2.0

2007-02-21 14:35:23
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SM wrote:
At 17:12 20-02-2007, Chris Lewis wrote:
I think the intent here is not that the DNSBL publishes it (they often
don't know), but the user should consider this - eg: do other site like
me use it?

Generally DNSBL operators don't publish such information.

In addition to not really knowing, most DNSBLs will be reluctant to
publish the info even if they knew it.  While (the better) DNSBLs would
probably like to, parading the security measures of other sites is, er,
"poor form".

The
information is also not published in comparative evaluations.

I've seen it, but not published.

Your
question "Do other sites like me use it?" is more to the point.  The
Guidance for DNSBL users questions are straight-forward except for
question 7.

Nick - I think i like this suggestion...

For Al: how would the prospective user know?  Google works ;-)

Which would have lower risk?  Somewhere in upper 127, or 192.0?

The 192.0.2.0/24 block is assigned as "TEST-NET".  It should not appear
on the public Internet (RFC 3330).

But it may occur locally.  Wouldn't want your DNSBL queries to go off to
a test DNS server.  Tho, perhaps it's unlikely to result in a listing...

Pointing the DNS NS record to
192.0.2.2 will cause a query timeout.

Most 127s would as well, would they not?

The DNSBL user may notice the
slow down in mail delivery and take appropriate action.  The purpose is
not to cause any harm.  In my opinion, 192.0.2 should have a lower risk
than the upper 127 as it is not associated with the loopback address.  I
suggested 192.0.2.2/32 as it makes troubleshooting easier.

Thanks for the discussion.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iQCVAwUBRdy6PJ3FmCyJjHfhAQJlxgQAxL6Fg+JX+8o5pXymemTVl4IzxiD3tVPa
ZgvlekEfJlnue/aw0qHy8pBHmC4OcteJn0WyCN7qoofpKRqMQaxuUkh2WpJkaa+L
66A5W6b9ZytKgdx0qeoNvW7M58KfWDl8J4waDlewYKvZLH6UBRKGRloFvmHWKYQQ
MMRkQ6tu+l8=
=fO5a
-----END PGP SIGNATURE-----

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

<Prev in Thread] Current Thread [Next in Thread>