[dns-operations] [from nanog] in.dnsbl.org must not be used for mail filtering

Paul Vixie paul at vix.com
Wed May 31 14:19:14 UTC 2006


> ...  I wish the in.dnsbl.org zone said who added the record to the zone.
> While we know this info we don't publish it in the zone.  I think we should
> add it in as a TXT record or something to help verify the integrity of the
> data.

Here's the script I use to add things to my personal blackhole list.  With a
little bit of editing, the in.dnsbl.org folks could use it to add TXT RRs at
the same time as the A RR.  I call this from GNU Emacs via the junkmail API.
The corresponding deletion script is available upon request.  Love that 2136.

(No, the reject-all.vix.com zone is not available for public query, don't ask.)

#!/bin/sh
# usage: addreject IPv4-address [reason ...]
# Adds a reversed-octet node under the blackhole zone with an RFC 2136 dynamic
# update, plus TXT records recording when (and optionally why) it was added.

# 1.2.3.4 -> 4.3.2.1 (the usual DNSBL label order)
node=`echo "$1" | awk -F. '{print $4 "." $3 "." $2 "." $1}'`; shift
zone="reject-all.vix.com"
server="ns.lah1.vix.com"
ttl="1800"
nsupdate="/usr/local/bin/nsupdate"
keyfile="/var/local/named/rejectall/Kupdate-rejectall.yadayadayada.key"

# One update transaction, signed with the key in $keyfile.  "prereq nxdomain"
# makes the whole update fail if the node already exists, so an existing
# listing (and its TXT history) is never silently overwritten.
( echo server "$server"
  echo zone "$zone"
  echo prereq nxdomain "$node.$zone"
  echo update add "$node.$zone" "$ttl" A 0.0.0.0
  echo update add "$node.$zone" "$ttl" TXT created `date +%Y%m%d%H%M%S`
  # any remaining arguments become the "reason" TXT record
  if [ $# -gt 0 ]; then echo update add "$node.$zone" "$ttl" TXT reason "$@"; fi
  echo send ) | "$nsupdate" -k "$keyfile" /dev/stdin

exit $?
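The following is an added example, not Vixie's script and not code from the in.dnsbl.org operators. It builds the same kind of nsupdate batch (A record plus "created", "added-by" and "reason" TXT records, guarded by "prereq nxdomain") and adds the pieces a practitioner would want before pointing this at a shared list: the address is checked to be a dotted quad before the reversed label is formed (the awk one-liner above happily produces ".3.2.1" for "1.2.3"), TXT strings are quoted so a multi-word reason lands in one string, and the deletion counterpart requires the entry to exist ("prereq yxdomain") so a mistyped address fails loudly. The zone, server and key file names are placeholders, and 127.0.0.2 is used as the listing address because that is the conventional DNSBL answer; substitute your own.

```shell
#!/bin/sh
# Added example (not from the original post). Generates nsupdate batches for
# adding and deleting DNSBL entries with provenance TXT records.

ZONE="bl.example.net"            # assumption: your DNSBL zone
SERVER="ns1.example.net"         # assumption: server that accepts the update
TTL=1800
KEYFILE="/etc/named/Kupdate-bl.+157+12345.key"   # assumption: update key file

# reverse_ip 192.0.2.10 -> 10.2.0.192; fails for anything that is not a
# dotted quad with each octet in 0..255.
reverse_ip() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(echo "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s\n' "$4" "$3" "$2" "$1"
}

# add_batch IP [reason...]: nsupdate input creating the A and TXT RRs.
# "prereq nxdomain" aborts the update if the node is already listed.
add_batch() {
    ip="$1"; shift
    node=$(reverse_ip "$ip") || { echo "bad IPv4 address: $ip" >&2; return 1; }
    name="$node.$ZONE"
    stamp=$(date -u +%Y%m%d%H%M%S)
    printf 'server %s\n' "$SERVER"
    printf 'zone %s\n' "$ZONE"
    printf 'prereq nxdomain %s\n' "$name"
    printf 'update add %s %s A 127.0.0.2\n' "$name" "$TTL"
    printf 'update add %s %s TXT "created" "%s"\n' "$name" "$TTL" "$stamp"
    printf 'update add %s %s TXT "added-by" "%s"\n' "$name" "$TTL" "${USER:-unknown}"
    if [ $# -gt 0 ]; then
        # the reason becomes one quoted TXT string; escape embedded quotes/backslashes
        reason=$(printf '%s' "$*" | sed 's/["\\]/\\&/g')
        printf 'update add %s %s TXT "reason" "%s"\n' "$name" "$TTL" "$reason"
    fi
    printf 'send\n'
}

# del_batch IP: nsupdate input removing every RR at the node.
# "prereq yxdomain" makes the update fail if the entry does not exist.
del_batch() {
    node=$(reverse_ip "$1") || { echo "bad IPv4 address: $1" >&2; return 1; }
    name="$node.$ZONE"
    printf 'server %s\n' "$SERVER"
    printf 'zone %s\n' "$ZONE"
    printf 'prereq yxdomain %s\n' "$name"
    printf 'update delete %s\n' "$name"
    printf 'send\n'
}

# usage: dnsbl.sh add IP [reason...] | dnsbl.sh del IP
# Only runs when given arguments, so sourcing the file just defines the functions.
main() {
    op="$1"; shift
    case "$op" in
        add) add_batch "$@" | nsupdate -k "$KEYFILE" ;;
        del) del_batch "$@" | nsupdate -k "$KEYFILE" ;;
        *)   echo "usage: $0 add IP [reason...] | del IP" >&2; return 2 ;;
    esac
}
if [ $# -gt 0 ]; then main "$@"; fi
```

Run it as `dnsbl.sh add 192.0.2.10 spam source` to list an address, or `dnsbl.sh del 192.0.2.10` to remove it; both batches are a single transaction, so either the prerequisite holds and every record changes, or nothing does. Because nsupdate reads the batch from stdin, `add_batch` can also be piped into a file for review before anything is sent.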
