IPDS | RBL | Domains

RBL Domains

Those domains are Internet servers with the purpose of maintaining a list of bad reputation IP addresses. A server IP address get into this list when the systems detect a bad use of the network. Spammers, force brute attackers, scrapping robots, etc., compound the majority of those lists.

In this section you could add or remove your custom domains. If your company have an DNS with an up to date custom list of dangerous, forbidden or what ever reason list of IP addresses that you desire to block, this is the section where to use it.

zevenet ipds rbl rules list

The first section shows the preloaded domains which are maintained and updated by the Zevenet Team. If one of the Zevenet domains is used, your load balancer will query them in first place. The Zevenet DNS for RBL rules are ns1.rbl.zevenet.com and ns2.rbl.zevenet.com. Please, take care that those DNS are reachable from your load balancer appliance.

As mentioned, to make it work it is needed that the load balancer has connectivity to Zevenet DNS.

These direct queries to Zevenet DNS increases system performance. If the Zevenet dns are not used, usually the query is done against a different DNS (for example 8.8.8.8) which later it will resend the query to the final DNSBL server (for example blocklist.de).

For this purpose, the aforementioned increase in performance, Zevenet keeps a mirror of DNSBL from blocklist.de The mirror is updated in a daily basis.

Domains added section allows you to add your custom domain. Each domains added should be a DNSBL (domain name server block list).

DNSBL queries

When a mail server receives a connection from a client, and wishes to check that client against a DNSRBL, also known as DNSBL (let’s say, sbl.spamhaus.org), it does more or less the following:

  • 1 – Take the client’s IP address—say, 172.168.42.23—and reverse the order of octets, yielding 23.42.168.172.
  • 2 – Append the DNSBL’s domain name: 23.42.168.172.sbl.spamhaus.org.
  • 3 – Look up this name in the DNS as a domain name (“A” record). This will return either an address, indicating that the client is listed; or an “NXDOMAIN” (“No such domain”) code, indicating that the client is not.

Optionally, if the client is listed, look up the name as a text record (TXT record). Most DNSBLs publish the information about why a client is listed as TXT records.

Looking up an address in a DNSBL is thus similar to looking it up in reverse-DNS. The differences are that a DNSBL lookup uses the A rather than PTR record type, and uses a forward domain (such as dnsbl.example.net above) rather than the special reverse domain in-addr.arpa.

Share on:

Documentation under the terms of the GNU Free Documentation License.

Was this article helpful?

Related Articles