RBLs in use

Michael Moscovitch michaelm at citenet.net
Fri Nov 21 02:36:34 UTC 2003


While on the subject of dnsbls, I would like to bounce an idea off the
list. I would like to find out if there is anything in existence like this
and if there would be interest in an implementation. I must admit that I
have not checked every single dnsbl, but as far as I could tell, there
doesn't seem to be any that work the way I am going to describe. If
there are, I would like to find out.

Consider a dnsbl that provides delegation-only information as to
the nameservers which contain the zones of ip addresses of non-mail
sending hosts.
Basically like a dialup or dynamic ip dnsbl, but it would hopefully be
more accurate and complete since the management of the zone would be
delegated to the ISP.


ISPs would register their networks and authenticate via ARIN/RIR contact
email. The nameserver could be mapped to the same as the in-addr.arpa or
maybe allow the addresses to be specified.


What would the drawbacks be? Well, you wouldn't be able to do a zone
transfer of the actual data. Of course, the dns servers would probably be
the same ones you are checking for the PTR records and other info, so if
there is a problem with them you may reject/defer the mail anyway.


I would be interested to hear if anyone can think of any drawbacks or
security implications.


I should also mention, that it would be possible (assuming the proper
coordination) to just define a zone 'in-dnsbl.arpa' for argument sake, and
delegate the networks to the existing 'in-addr.arpa' servers (maybe via
some fancy zone name mapping option in the dns server).
This would mean there is no central authority to attack (other than the
'in-addr.arpa' servers).
The drawback would be lots of unwanted traffic to nameservers that
never configured the zones. That is why I prefer the registration
method.


+--------------------------------------------------------------------------+
| Michael Moscovitch                                CiteNet Telecom Inc.   |
| michaelm at citenet.net                              Tel: (514) 861-5050    |
+--------------------------------------------------------------------------+
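An added worked example, not part of the original post, showing how an MTA would query the proposed delegation-only dnsbl and how the delegation tree sends each lookup to the registering ISP's own nameservers. The zone name 'in-dnsbl.arpa' is the one the post uses for argument's sake; the delegation table, the listing data, the "unreachable ISP" and the resolver are constructed stand-ins rather than real DNS, and the 127.0.0.2 "listed" answer is an assumption borrowed from common dnsbl practice. The `check_sender` function also covers the drawback the post raises: when the ISP's delegated servers do not answer, the mail is deferred, just as a failed PTR lookup against those same servers would do.

```python
"""Added example (not from the original post). Models the proposed
delegation-only dnsbl: ISPs register their networks, the dnsbl operator
delegates the matching reverse labels to the ISP's nameservers, and an MTA
queries the reversed address under the dnsbl zone exactly as it would under
in-addr.arpa. All names, prefixes and answers below are constructed."""
import ipaddress

# Zone name the post uses for argument's sake.
DNSBL_ZONE = "in-dnsbl.arpa"
# Assumed listing convention (common dnsbl practice, not stated in the post).
LISTED_ANSWER = "127.0.0.2"


def dnsbl_query_name(ip: str, zone: str = DNSBL_ZONE) -> str:
    """Reverse the octets under the dnsbl zone, mirroring in-addr.arpa so the
    same octet-boundary delegation cuts (/8, /16, /24) can be reused."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


# Constructed delegation table: ISP-registered prefix -> delegated servers.
# In the proposal the ISP authenticates via its RIR contact address and the
# operator delegates the reverse label for each prefix to these servers.
DELEGATIONS = {
    "192.0.2.0/24": ["ns1.isp-a.example", "ns2.isp-a.example"],
    "198.51.100.0/24": ["ns.isp-b.example"],
}


def authoritative_servers(ip: str, delegations=DELEGATIONS):
    """Longest-prefix match: which ISP's servers are authoritative for ip.
    An empty list means no ISP registered the network."""
    addr = ipaddress.IPv4Address(ip)
    best = None
    for prefix, servers in delegations.items():
        net = ipaddress.IPv4Network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, servers)
    return best[1] if best else []


# Constructed listing data as ISP A would publish it in its delegated part
# of the zone: query name -> A record. Names with no record are not listed.
LISTINGS = {
    dnsbl_query_name("192.0.2.10"): LISTED_ANSWER,  # a dial-up pool address
}
# Constructed: ISP B registered but its delegated server is down.
UNREACHABLE = {"ns.isp-b.example"}


class ResolverError(Exception):
    """Stands in for SERVFAIL/timeout from the delegated nameservers."""


def fake_resolve(qname: str, servers):
    """Constructed stand-in for a DNS A lookup against the delegated servers."""
    if all(s in UNREACHABLE for s in servers):
        raise ResolverError("no delegated server answered")
    return [LISTINGS[qname]] if qname in LISTINGS else []


def check_sender(ip: str, resolve=fake_resolve) -> str:
    """MTA decision: 'reject' when listed, 'accept' when the authoritative
    answer is empty or no ISP registered the network, 'defer' when the ISP's
    delegated servers cannot be reached (the post's noted drawback)."""
    servers = authoritative_servers(ip)
    if not servers:
        return "accept"  # no delegation: the operator's servers say NXDOMAIN
    try:
        answers = resolve(dnsbl_query_name(ip), servers)
    except ResolverError:
        return "defer"
    return "reject" if LISTED_ANSWER in answers else "accept"


if __name__ == "__main__":
    for sender in ("192.0.2.10", "192.0.2.11", "198.51.100.1", "203.0.113.5"):
        print(sender, dnsbl_query_name(sender), check_sender(sender))
```

Delegation at octet boundaries is what lets the dnsbl reuse the in-addr.arpa cut points; an ISP holding a prefix longer than /24 would need the same kind of workaround the reverse tree already needs for such blocks.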
