DNSBL Server: Difference between revisions

From Unallocated Space
Jump to navigation Jump to search
(Created page with "= DNSBL Concepts = == What is a DNSBL? == A DNSBL, DNS Black(or Block) List server is simply a DNS server used to determine if an IPv4 address has a record, "is listed", in a blo...")
 
Line 12: Line 12:
* There are unlisted bad guys sending spam or malware to your company
* There are unlisted bad guys sending spam or malware to your company
* Your company receives more than 1000 emails per day or otherwise exceeds the "free use" policies of the DNSBL services.
* Your company receives more than 1000 emails per day or otherwise exceeds the "free use" policies of the DNSBL services.
* It makes you feel better when You stop a spammer from connecting to your server.
* Local DNSBL performance reduces your email server's work load and idle time waiting for public DNSBL response.


=== Pros and Cons of Running a Private DNSBL ===
=== Pros and Cons of Running a Private DNSBL ===

Revision as of 08:26, 12 January 2014

DNSBL Concepts

What is a DNSBL?

A DNSBL, DNS Black(or Block) List server is simply a DNS server used to determine if an IPv4 address has a record, "is listed", in a blocklist server's domain. A DNSBL is used as a second (assuming the firewall is the first) defense check used to determine if a sending server should be prohibited from connecting to your email server.

Typical IP addresses listed in a DNSBL

  • Known Repeat Spam sources
  • Commercial ISP DHCP address ranges whose customers should be using the ISP's email services
  • Rogue IP addresses that are unregistered

Why Would a Company Want its Own DNSBL?

Good question! There are free, public, DNSBLs, so why have your own?

  • There are unlisted bad guys sending spam or malware to your company
  • Your company receives more than 1000 emails per day or otherwise exceeds the "free use" policies of the DNSBL services.
  • Local DNSBL performance reduces your email server's work load and idle time waiting for public DNSBL response.

Pros and Cons of Running a Private DNSBL

  • PRO: Your email server can more efficiently identify and drop connections from repeat offenders. Public DNSBLs are slower to respond.
  • PRO: It makes you feel good when you can block an annoyance and they have to ask You to unblock them.
  • CON: Some of your customers, suppliers, and consultants use the same email services that send spam. If not careful, you might block a spammer and your customer with the same listing. (e.g. accidentally block email from yahoo.com servers).
  • CON: The Internet IP address space is BIG (even for IPv4) and the process of identifying list candidates is a tedious maintenance task.


How Does a DNSBL Work?

A DNSBL server has one or more domains with records that are structured for storing IPv4 Addresses for efficient reverse lookup within the zone.

The storage and lookup process is similar to a Reverse Lookup used to find a FQDN (Fully Qualified Domain Name) for an IP address. The difference is that a DNSBL lookup is a Forward Lookup that looks up a FQDN constructed using the reverse IP Address and the DNSBL server's domain then resolves it to an IP address. The IP addresses returned by a DNSBL are typically 127.0.0.2 to 127.0.0.254.


Linux Based DNSBL Implementation

Requirements

Windows Based DNSBL Implementation

Requirements

  • Windows Server 2000 or later
  • Microsoft DNS Server