[NTLUG:Discuss] How does MAPS RBL work?
Neil Aggarwal
neil at JAMMConsulting.com
Wed Jul 2 13:05:15 CDT 2003
Chris:
I can list a set of IPs that are allowed to query a zone
in BIND, but here is the problem I see:
When any server wants to query DNS, it sends a query
to the DNS servers it is configured with. These are usually
local to it.
The local DNS server will then look up the DNS servers that
are authoritative for the zone and send a query to one
of them.
Here is the problem:
1. If I require all mail servers to change their nameservers
to the ones hosting the blacklist zone, there are two
problems:
a. This puts a requirement on the mailservers that I
would like to avoid.
b. Our DNS servers will be handling all DNS requests
for those servers, which means our DNS servers
will be handling more traffic than they should.
2. If I allow the ISPs mailservers to make queries to the
DNS blacklist, then it will be hard to enfore the
subscription of the blacklist since all customers
of that ISP will have access to the list.
That is why I am trying to figure out what MAPS did
to solve this issue.
Thanks,
Neil
--
Neil Aggarwal, JAMM Consulting, (972)612-6056, www.JAMMConsulting.com
FREE! Valuable info on how your business can reduce operating costs by
17% or more in 6 months or less! => http://newsletter.JAMMConsulting.com
> -----Original Message-----
> From: discuss-bounces at ntlug.org
> [mailto:discuss-bounces at ntlug.org] On Behalf Of Chris J Albertson
> Sent: Wednesday, July 02, 2003 12:47 PM
> To: discuss at ntlug.org
> Subject: Re: [NTLUG:Discuss] How does MAPS RBL work?
>
>
> mail-abuse.org does work with DNS lookups, but they are a
> for-profit group. They
> will let hobbyists use their stuff, but you need to sign a
> contract first.
> So, just flat-out doing DNS queries to them won't work.
> Also, it's been a bit since I looked into them, but I believe
> you need to do a
> DNS replicate with them, rather than a direct query.
>
> One way I can think that one would implement this would be by
> the use of BIND9+
> views. This would allow you to specify what IP addresses are
> able to query your
> domain.
>
> Good luck!
>
> --
> Chris Albertson
> Owner - ChrisAlbertson.com (Actually, I rent, with an option to buy)
>
> ======================================================
> ^ You can find my PGP public key, ^
> ^ email server policy, and other misc "stuff" at.. ^
> ^ http://www.chrisalbertson.com. ^
> ======================================================
>
>
> Quoting Neil Aggarwal <neil at JAMMConsulting.com>:
>
> Hello:
>
> We are running a DNS blacklist and want to also offer a subscription
> service like the MAPS RBL list at http://mail-abuse.org/
>
> Does anyone know how their system works?
>
> If I do:
> dig on 2.0.0.127.blackholes.mail-abuse.org
>
> I don't get an answer.
>
> Any ideas?
>
> Thanks,
> Neil
>
> --
> Neil Aggarwal, JAMM Consulting, (972)612-6056, www.JAMMConsulting.com
> FREE! Valuable info on how your business can reduce
> operating costs by
> 17% or more in 6 months or less! =>
> http://newsletter.JAMMConsulting.com
>
>
>
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss
>
>
> -------------------------------------------------
> This email was sent from www.chrisalbertson.com
> using the IMP mailing program, part of the Horde suite
> of information management tools.
> http://horde.org/
>
>
More information about the Discuss
mailing list