IPDS | RBL | Domains

POSTED ON 15 May, 2019

RBL Domains

Those domains are Internet servers with the purpose of maintaining a list of bad reputation IP addresses. A server IP address gets into this list when the systems detect a bad use of the network. Spammers, force brute attackers, scrapping robots, etc., compound the majority of those network abuses.

In this section, you could add or remove your custom domains. If your company have a DNS with an up to date custom list of dangerous, forbidden or whatever reason list of IP addresses that you desire to block, this is the section where to use it.

Peloaded Domain List

The bottom section shows the preloaded domains which are maintained and updated by the Zevenet Team. If one of the Zevenet domains is used, your load balancer will query them in the first place. The Zevenet DNS for RBL rules is ns1.rbl.zevenet.com and ns2.rbl.zevenet.com. Please, ensure that those DNS are reachable from your load balancer appliance.

As mentioned, to make it work it is needed that the load balancer has connectivity to Zevenet DNS.

These direct queries to Zevenet DNS increase system performance. If the Zevenet DNS is not used, usually the query is done against a different DNS (for example 8.8.8.8) which later it will resend the query to the final DNSBL server (for example blocklist.de).

For this purpose, the aforementioned increase in performance, Zevenet keeps a mirror of DNSBL from blocklist.de The mirror is updated daily.

Custom Domain List section allows you to add, delete or edit your custom domain. Each domain added should be a DNSBL (domain name server block list).

DNSBL queries

When a mail server receives a connection from a client and wishes to check that client against a DNSRBL, also known as DNSBL (let’s say, sbl.spamhaus.org), it does more or less the following:

  • 1 – Take the client’s IP address—say, 172.168.42.23—and reverse the order of octets, yielding 23.42.168.172.
  • 2 – Append the DNSBL’s domain name: 23.42.168.172.sbl.spamhaus.org.
  • 3 – Look up this name in the DNS as a domain name (“A” record). This will return either an address, indicating that the client is listed; or an “NXDOMAIN” (“No such domain”) code, indicating that the client is not.

Optionally, if the client is listed, look up the name as a text record (TXT record). Most DNSBLs publish the information about why a client is listed as TXT records.

Looking up an address in a DNSBL is similar to looking it up in reverse-DNS. The differences are that a DNSBL lookup uses the A rather than PTR record type, and uses a forward domain (such as dnsbl.example.net above) rather than the special reverse domain in-addr.arpa.

Share on:

Documentation under the terms of the GNU Free Documentation License.

Was this article helpful?

Yes No

Related Articles