
Re: [Asrg] RFC 6471 and "listing the Internet" as a punishment

2012-01-24 09:52:55
On 1/24/12 4:35 PM, Rich Kulawiec wrote:
> On Tue, Jan 24, 2012 at 04:19:00PM +0100, Emanuele Balla (aka Skull) wrote:
>> and again, in point 3.5:
>>
>> “  A functioning DNSBL MUST NOT list 127.0.0.1.  There are a number of
>>    mail server implementations that do not cope with this well, and many
>>    will use a positive response for 127.0.0.1 as an indication that the
>>    DNSBL is shut down and listing the entire Internet.”
>>
>> That is not clearly against "listing everything as a punishment", but
>> means uribl.com is technically "non-functional"... ;-)
>
> I may well be misreading this report AND the RFC (coffee level: alarmingly
> low) but it appears to me that this DNSBL is not listing "127.0.0.1",
> but is returning 127.0.0.1 in response to queries for "example.com"
> (and all other domains) when those queries are issued from certain hosts.
> (And I presume those hosts are the set which have issued excessive
> and/or unwelcome queries in the opinions of the DNSBL's operators.)

You (and David) are absolutely right: I simply messed up the whole
point. ;-)


The only point that directly applies here is, IMHO, 3.3:

«
3.3.  DNSBLs SHOULD Provide Operational Flags

   Most IP address-based DNSBLs follow a convention of query entries for
   IP addresses in 127.0.0.0/8 (127.0.0.0-127.255.255.255) to provide
   online indication of whether the DNSBL is operational.  Many, if not
   most, DNSBLs arrange to have a query of 127.0.0.2 return an A record
   (usually 127.0.0.2) indicating that the IP address is listed.  This
   appears to be a de facto standard indicating that the DNSBL is
   operating correctly.  See [RFC5782] for more details on DNSBL test
   entries.

   If this indicator is missing (query of 127.0.0.2 returns NXDOMAIN),
   or any query returns an A record outside of 127.0.0.0/8, the DNSBL
   should be considered non-functional.
»

Somehow, this seems to allow URIBL to do what it does: they state that
returning 127.0.0.1 means you're an undesired client and you have the
chance to trap that flag (with the right software, at least)...


On the other side, there's point 3.4:

«
   The DNSBL operator MUST issue impending shutdown warnings (on the
   DNSBL web site, appropriate mailing lists, newsgroups, vendor
   newsletters, etc.), and indicate that the DNSBL is inoperative using
   the signaling given in Section 3.3.
[...]

   The shutdown procedure should have the following properties:

   1.  MUST NOT list the entire Internet
»


One could argue they're not shutting down (just listing the Internet
:-D) so the point does not apply, but IMHO the underlying concept is.

After all, they're trying to force the offending customers to change
their configurations, just as during shutdowns...


-- 
Paranoia is a disease unto itself. And may I add: the person standing
next to you may not be who they appear to be, so take precaution.
-----------------------------------------------------------------------------
http://bofhskull.wordpress.com/
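As an added example (not from the thread and not any DNSBL operator's code), here is a small Python check that applies the 3.3 and 3.5 rules quoted above to canned answers, and keeps apart the two cases the thread untangles: listing the address 127.0.0.1 versus answering an ordinary lookup with the value 127.0.0.1. The zone name and the answer tables are constructed.

```python
import ipaddress

ZONE = "dnsbl.example"  # hypothetical zone name, not a real DNSBL

def query_name(key, zone=ZONE):
    """Build the query name: reversed octets for an IPv4 address (the RFC 5782
    convention the thread refers to), or the bare name for a domain-based list."""
    try:
        octets = str(ipaddress.IPv4Address(key)).split(".")
        return ".".join(reversed(octets)) + "." + zone
    except ipaddress.AddressValueError:
        return key + "." + zone

def classify(answers, zone=ZONE):
    """Apply the RFC 6471 section 3.3 and 3.5 rules quoted in the thread.
    answers: dict of query name -> list of A-record strings ([] = NXDOMAIN)."""
    loop = ipaddress.ip_network("127.0.0.0/8")
    localhost, test = query_name("127.0.0.1", zone), query_name("127.0.0.2", zone)
    # 3.3: an A record outside 127.0.0.0/8 on any query => non-functional
    for rrs in answers.values():
        if any(ipaddress.ip_address(a) not in loop for a in rrs):
            return "nonfunctional-out-of-range"
    # 3.5: the address 127.0.0.1 itself MUST NOT be listed
    if answers.get(localhost):
        return "nonfunctional-lists-localhost"
    # 3.3: the 127.0.0.2 test entry must be listed (NXDOMAIN => non-functional)
    if not answers.get(test):
        return "nonfunctional-no-test-entry"
    # The URIBL case from the thread: an ordinary lookup answered with the
    # *value* 127.0.0.1 is the operator's "undesired client" flag, which is
    # distinct from listing 127.0.0.1 and must not be treated as a hit.
    if any("127.0.0.1" in rrs for n, rrs in answers.items() if n not in (localhost, test)):
        return "refused-client"
    return "operational"

# Constructed sample answers (not captured from any real DNSBL).
HEALTHY = {
    query_name("127.0.0.2"): ["127.0.0.2"],
    query_name("127.0.0.1"): [],
    query_name("example.com"): [],
    query_name("198.51.100.7"): ["127.0.0.2"],
}
REFUSED = {**HEALTHY, query_name("example.com"): ["127.0.0.1"]}
SHUT_DOWN = {query_name("127.0.0.2"): [], query_name("198.51.100.7"): []}
BROKEN = {**HEALTHY, query_name("198.51.100.7"): ["10.0.0.1"]}
```

A client that only checks "is the answer in 127.0.0.0/8?" would read the REFUSED table as a listing of example.com, which is exactly the ambiguity the thread is about.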
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg