[dns-operations] [from nanog] in.dnsbl.org must not be used for mail filtering
Paul Vixie
paul at vix.com
Wed May 31 14:19:14 UTC 2006
> ... I wish the in.dnsbl.org zone said who added the record to the zone.
> While we know this info we don't publish it in the zone. I think we should
> add it in as a TXT record or something to help verify the integrity of the
> data.
here's the script i use to add things to my personal blackhole list. with a
little bit of editing, the in.dnsbl.org folks could use it to add TXT RRs at
the same time as the A RR. i call this from gnu emacs via the junkmail api.
the corresponding deletion script is available upon request. love that 2136.
(no, the reject-all.vix.com zone is not available for public query, don't ask.)
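
#!/bin/sh
# arguments: a.b.c.d [reason words ...]
# reverse the octets of the address to form the owner name inside the zone
node=`echo "$1" | awk -F. '{print $4 "." $3 "." $2 "." $1}'`; shift
zone="reject-all.vix.com"
server="ns.lah1.vix.com"
ttl="1800"
nsupdate="/usr/local/bin/nsupdate"
keyfile="/var/local/named/rejectall/Kupdate-rejectall.yadayadayada.key"
# build one RFC 2136 update and pipe it to nsupdate, signed with the key file;
# the nxdomain prerequisite makes the update fail if the name already exists
( echo "server $server"
  echo "zone $zone"
  echo "prereq nxdomain $node.$zone"
  echo "update add $node.$zone $ttl A 0.0.0.0"
  echo "update add $node.$zone $ttl TXT created `date +%Y%m%d%H%M%S`"
  # remaining arguments, if any, become a "reason" TXT record
  if [ $# -gt 0 ]; then echo "update add $node.$zone $ttl TXT reason $*"; fi
  echo send ) | "$nsupdate" -k "$keyfile" /dev/stdin
exit $?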
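
An added example, not part of the original post or its script: a variant that also records who added the entry, as the quoted message asks, and that validates the address and TXT text before anything goes into the nsupdate batch. The zone and server names, the "added-by" label and the function names are assumptions made for illustration; the batch is only printed, not sent.

```shell
#!/bin/sh
# Added example: build (but do not send) an RFC 2136 update batch for one entry.
# ZONE and SERVER are placeholders, not values from the original post.
LC_ALL=C; export LC_ALL
ZONE="dnsbl.example.invalid"
SERVER="ns.example.invalid"
TTL="1800"

# reverse_ipv4 ADDR: print d.c.b.a for a strict dotted quad a.b.c.d, else return 1.
reverse_ipv4() {
    case "$1" in *[!0-9.]*|""|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*|0?*) return 1 ;; esac   # too long or leading zero
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s\n' "$4" "$3" "$2" "$1"
}

# txt_ok TEXT: accept one line of printable ASCII without quote or backslash,
# at most 255 bytes, so it cannot break out of a quoted TXT string or add a
# second nsupdate command on a new line.
txt_ok() {
    [ -n "$1" ] && [ ${#1} -le 255 ] || return 1
    case "$1" in *[![:print:]]*|*\"*|*\\*) return 1 ;; esac
}

# build_update ADDR WHO [REASON]: print the nsupdate batch on stdout, or return 1.
build_update() {
    node=$(reverse_ipv4 "$1") || { echo "bad IPv4 address" >&2; return 1; }
    txt_ok "$2" || { echo "bad submitter" >&2; return 1; }
    if [ -n "${3:-}" ]; then
        txt_ok "$3" || { echo "bad reason text" >&2; return 1; }
    fi
    name="$node.$ZONE"
    echo "server $SERVER"
    echo "zone $ZONE"
    echo "prereq nxdomain $name"
    echo "update add $name $TTL A 0.0.0.0"
    echo "update add $name $TTL TXT \"created $(date -u +%Y%m%d%H%M%S)\""
    echo "update add $name $TTL TXT \"added-by $2\""
    [ -z "${3:-}" ] || echo "update add $name $TTL TXT \"reason $3\""
    echo "send"
}

# Constructed sample input (documentation address, made-up submitter).
build_update 192.0.2.10 "abuse-desk" "constructed sample entry"
```

The printed batch can be piped to nsupdate with a key file in the same way as the script above.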