Domain Name System Block Lists

Domain Name System Block Lists DNSBLs are one of the measures used in countering spam.

They are typically lists of IP Addresses that meet some criteria that the maintainer of the blocklist has determined warrant inclusion on their list. Typically this means that the list maintainer has received spam from the IP address.A review of some of the DNSBLs we offer for use can be found here.

We must emphasise that almost without exception use of these lists by anyone other than the maintainer involves a degree of risk in a message being mis-identified as hostile. The criteria used for listing may be very strict, very lax, completely arbitrary or anywhere inbetween. One area in which these lists tend to be somewhat lax is in the procedure for aging out old data. Addresses can stick in blocklists for years after they have been cleaned up, retired, or reassigned.

Despite all the caveats above we feel that careful use of these lists provides a very good first-line of defence against spam.

How DNSBL Lookups Are Done

DNSBL lookups are done by taking the IP of the machine sending us the message,

218.13.92.117

reversing the elements of it and adding them to the name of the blocklist.

117.92.13.218.cn.countries.nerd.dk

and then performing a DNS lookup

$ host 117.92.13.218.cn.countries.nerd.dk
117.92.13.218.cn.countries.nerd.dk is an alias for recn.countries.nerd.dk.
recn.countries.nerd.dk has address 127.0.0.2

$ host -t txt 117.92.13.218.cn.countries.nerd.dk
117.92.13.218.cn.countries.nerd.dk is an alias for recn.countries.nerd.dk.
recn.countries.nerd.dk text "Your IP is in cn, rejected based on geographical location"
css.php