DNSBL Server: Difference between revisions
Jump to navigation
Jump to search
(→Windows Based DNSBL Implementation: DNSBL Setup Details snippet from my notes added) |
|||
| Line 35: | Line 35: | ||
* Windows Server 2000 or later | * Windows Server 2000 or later | ||
* Microsoft DNS Server | * Microsoft DNS Server | ||
== DNSBL Setup Details == | == DNSBL DNS Host Setup Details == | ||
If you are just USING a DNSBL in email or spam filtering, you do not need to do any of this. The following host setup procedure is for configuring a private DNSBL in your DNS Server. | |||
=== DNSBL Domain Delegations === | |||
The following details are a snippet from [http://wiki.gridtrak.com/wiki/index.php/DNSBL AJ's DNSBL Notes].<br /> | The following details are a snippet from [http://wiki.gridtrak.com/wiki/index.php/DNSBL AJ's DNSBL Notes].<br /> | ||
==== Windows DNS - ''New Zone...'' Wizard ==== | ==== Windows DNS - ''New Zone...'' Wizard ==== | ||
1. Right click the ''Forward Lookup Zones'' and select the ''New Zone...'' menu item. | 1. Right click the ''Forward Lookup Zones'' and select the ''New Zone...'' menu item. | ||
2. Create a ''Primary Zone'' named ''' | 2. Create a ''Primary Zone'' named '''emaillab.net'''; finish the dialog (defaults are ok) | ||
3. Right click on the '' | 3. Right click on the ''emaillab.net'' domain and select the ''New Host (A)...'' menu item. | ||
4. Create a host record: Name = '' | 4. Create a host record: Name = ''dns0''; IP Address = 192.168.0.64; close the New Host dialog | ||
Create a Delegation Name Server for the DNS Black List | Create a Zone and Delegation Name Server for the DNS Black List | ||
5. Right Click on the '' | 5. Right click the ''Forward Lookup Zones'' and select the ''New Zone...'' menu item. | ||
6. Create a ''Primary Zone'' named '''dnsbl.emaillab.net'''; finish the dialog (defaults are ok) | |||
+ Add a Name server with FQDN = '' | 7. Right Click on the ''emaillab.net'' domain and select the ''New Delegation...'' menu item. | ||
8. Enter '''dnsbl''' for the Delegated Domain field; click Next | |||
+ Add a Name server with FQDN = ''dns0.emaillab.net'' and IP address = 192.168.0.64 | |||
Finish the New Delegation wizard. | Finish the New Delegation wizard. | ||
Create a Delegation Name Server for the DNS White List | Create a Delegation Name Server for the DNS White List | ||
9 Right click the ''Forward Lookup Zones'' and select the ''New Zone...'' menu item. | |||
10. Create a ''Primary Zone'' named '''dnswl.emaillab.net'''; finish the dialog (defaults are ok) | |||
11. Right Click on the ''emaillab.net'' domain and select the ''New Delegation...'' menu item. | |||
12. Enter '''dnswl''' for the Delegated Domain field; click Next | |||
<strong>You have completed the DNSBL setup</strong> | <strong>You have completed the DNSBL setup</strong> | ||
==== DNS Data File ==== | ==== DNS Data File ==== | ||
Here is a sample | Here is a sample emaillab.net.dns file from a Windows 2003 DNS server. Usually the LAN info is automatically generated by the ''New Zone'' wizard. | ||
; Database file | ; Database file emaillab.net.dns for emaillab.net zone. | ||
; Zone version: 123 | ; Zone version: 123 | ||
@ IN SOA | @ IN SOA emaillab.com. hostmaster. ( | ||
123 ; serial number | 123 ; serial number | ||
900 ; refresh | 900 ; refresh | ||
| Line 72: | Line 76: | ||
; Zone NS records | ; Zone NS records | ||
; | ; | ||
@ NS | @ NS dnsman@emaillab.com. | ||
emaillab.com. A 192.168.0.53 | |||
; Zone records | ; Zone records | ||
; | ; | ||
; Delegated sub-zone: dnsbl. | ; Delegated sub-zone: dnsbl.emaillab.net. | ||
; Note: This is the DNS Black List | ; Note: This is the DNS Black List | ||
dnsbl NS dnsbl. | dnsbl NS dnsbl.emaillab.net. | ||
dnsbl A | dnsbl A 192.168.0.64 | ||
; End delegation | ; End delegation | ||
; Delegated sub-zone: dnswl. | ; Delegated sub-zone: dnswl.emaillab.net. | ||
; Note: This is a DNS White List | ; Note: This is a DNS White List | ||
dnswl NS dnswl. | dnswl NS dnswl.emaillab.net. | ||
dnswl A | dnswl A 192.168.0.64 | ||
; End delegation | ; End delegation | ||
www A | www A 192.168.0.64 | ||
Revision as of 10:30, 12 January 2014
DNSBL Concepts
What is a DNSBL?
A DNSBL, DNS Black(or Block) List server is simply a DNS server used to determine if an IPv4 address has a record, "is listed", in a blocklist server's domain. A DNSBL is used as a second (assuming the firewall is the first) defense check used to determine if a sending server should be prohibited from connecting to your email server.
Typical IP addresses listed in a DNSBL
- Known Repeat Spam sources
- Commercial ISP DHCP address ranges whose customers should be using the ISP's email services
- Rogue IP addresses that are unregistered
Why Would a Company Want its Own DNSBL?
Good question! There are free, public, DNSBLs, so why have your own?
- There are unlisted bad guys sending spam or malware to your company
- Your company receives more than 1000 emails per day or otherwise exceeds the "free use" policies of the DNSBL services.
- Local DNSBL performance reduces your email server's work load and idle time waiting for public DNSBL response.
Pros and Cons of Running a Private DNSBL
- PRO: Your email server can more efficiently identify and drop connections from repeat offenders. Public DNSBLs are slower to respond.
- PRO: It makes you feel good when you can block an annoyance and they have to ask You to unblock them.
- CON: Some of your customers, suppliers, and consultants use the same email services that send spam. If not careful, you might block a spammer and your customer with the same listing. (e.g. accidentally block email from yahoo.com servers).
- CON: The Internet IP address space is BIG (even for IPv4) and the process of identifying list candidates is a tedious maintenance task.
How Does a DNSBL Work?
A DNSBL server has one or more domains with records that are structured for storing IPv4 Addresses for efficient reverse lookup within the zone.
The storage and lookup process is similar to a Reverse Lookup used to find a FQDN (Fully Qualified Domain Name) for an IP address. The difference is that a DNSBL lookup is a Forward Lookup that looks up a FQDN constructed using the reverse IP Address and the DNSBL server's domain then resolves it to an IP address. The IP addresses returned by a DNSBL are typically 127.0.0.2 to 127.0.0.254.
Linux Based DNSBL Implementation
Requirements
Windows Based DNSBL Implementation
Requirements
- Windows Server 2000 or later
- Microsoft DNS Server
DNSBL DNS Host Setup Details
If you are just USING a DNSBL in email or spam filtering, you do not need to do any of this. The following host setup procedure is for configuring a private DNSBL in your DNS Server.
DNSBL Domain Delegations
The following details are a snippet from AJ's DNSBL Notes.
Windows DNS - New Zone... Wizard
1. Right click the Forward Lookup Zones and select the New Zone... menu item. 2. Create a Primary Zone named emaillab.net; finish the dialog (defaults are ok) 3. Right click on the emaillab.net domain and select the New Host (A)... menu item. 4. Create a host record: Name = dns0; IP Address = 192.168.0.64; close the New Host dialog
Create a Zone and Delegation Name Server for the DNS Black List
5. Right click the Forward Lookup Zones and select the New Zone... menu item.
6. Create a Primary Zone named dnsbl.emaillab.net; finish the dialog (defaults are ok)
7. Right Click on the emaillab.net domain and select the New Delegation... menu item.
8. Enter dnsbl for the Delegated Domain field; click Next
+ Add a Name server with FQDN = dns0.emaillab.net and IP address = 192.168.0.64
Finish the New Delegation wizard.
Create a Delegation Name Server for the DNS White List
9 Right click the Forward Lookup Zones and select the New Zone... menu item. 10. Create a Primary Zone named dnswl.emaillab.net; finish the dialog (defaults are ok) 11. Right Click on the emaillab.net domain and select the New Delegation... menu item. 12. Enter dnswl for the Delegated Domain field; click Next
You have completed the DNSBL setup
DNS Data File
Here is a sample emaillab.net.dns file from a Windows 2003 DNS server. Usually the LAN info is automatically generated by the New Zone wizard.
; Database file emaillab.net.dns for emaillab.net zone.
; Zone version: 123
@ IN SOA emaillab.com. hostmaster. (
123 ; serial number
900 ; refresh
600 ; retry
86400 ; expire
3600 ) ; default TTL
; Zone NS records
;
@ NS dnsman@emaillab.com.
emaillab.com. A 192.168.0.53
; Zone records
;
; Delegated sub-zone: dnsbl.emaillab.net.
; Note: This is the DNS Black List
dnsbl NS dnsbl.emaillab.net.
dnsbl A 192.168.0.64
; End delegation
; Delegated sub-zone: dnswl.emaillab.net.
; Note: This is a DNS White List
dnswl NS dnswl.emaillab.net.
dnswl A 192.168.0.64
; End delegation
www A 192.168.0.64