
POSTED ON 25 October, 2021

RBL Domains

These domains point to servers that maintain a list of IP addresses with a bad reputation. A server’s IP address is added to this list when the systems detect abusive use of the network. For example, spammers, brute-force attackers, and scraping robots account for the majority of those network abuses.

In this section, you’ll learn how to add or remove your custom domains. If your company runs a DNS server with an up-to-date custom list of IP addresses that you want to block, because they are dangerous, forbidden, or for any other reason, this is the section where you use it.

Preloaded Domain List

The bottom section shows the preloaded domains, which are maintained and updated by the ZEVENET Team. If one of ZEVENET’s domains is used, your load balancer will query it first. The ZEVENET DNS servers for RBL rules are ns1.rbl.zevenet.com and ns2.rbl.zevenet.com. Please ensure that those DNS servers are reachable from your load balancer appliance.

As mentioned, to make it work the load balancer must have connectivity to ZEVENET DNS.

These direct queries to ZEVENET DNS increase system performance. If ZEVENET DNS is not used, the query usually goes to a different DNS server (for example 8.8.8.8), which then forwards it to the final DNSBL (DNS BlackList) server (for example blocklist.de).

To deliver this performance gain, ZEVENET keeps a mirror of the DNSBL from blocklist.de. The mirror is updated daily.

The Custom Domain List section allows you to add, delete, or edit your custom domains. Each domain added should be a DNSBL (domain name server block list).

DNSBL queries

When a mail server receives a connection from a client and wishes to check that client against a DNSRBL, also known as DNSBL (let’s say, sbl.spamhaus.org), it does more or less the following:

  1. Take the client’s IP address (say, 172.168.42.23) and reverse the order of octets, yielding 23.42.168.172.
  2. Append the DNSBL’s domain name: 23.42.168.172.sbl.spamhaus.org.
  3. Look up this name in the DNS as a domain name (A record). This will return either an address, indicating that the client is listed, or an NXDOMAIN (“No such domain”) code, indicating that the client is not.

Optionally, if the client is listed, look up the name as a text record (TXT record). Most DNSBLs publish the reason why the client was listed in the TXT records.

Looking up an address in a DNSBL is similar to looking it up in reverse DNS. The differences are that a DNSBL lookup uses the A record type rather than PTR, and uses a forward domain (such as dnsbl.example.net) rather than the special reverse domain in-addr.arpa.
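
The lookup steps above as an added Python example (not ZEVENET code). It goes beyond the text by also building IPv6 query names and by separating "not listed" from a failed or rewritten lookup. The function names, the dnsbl.example.net zone data and the stand-in resolver are constructed for illustration, and it assumes the system resolver reports NXDOMAIN as EAI_NONAME.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Steps 1-2: reverse the address labels and append the DNSBL zone."""
    addr = ipaddress.ip_address(ip)           # ValueError on malformed input
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]   # 172.168.42.23 -> 23.42.168.172
    else:
        # IPv6 (RFC 5782): 32 hex nibbles in reverse order, one per label
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone.strip(".").lower()

def check_dnsbl(ip, zone, resolve=socket.gethostbyname):
    """Step 3: A-record lookup. Returns (status, answer)."""
    name = dnsbl_query_name(ip, zone)
    try:
        answer = resolve(name)
    except socket.gaierror as exc:
        # Only a definite "no such name" means not listed. A timeout or
        # server failure is unknown, not clean.
        if exc.errno == socket.EAI_NONAME:
            return ("not_listed", None)
        return ("error", None)
    # By convention listed entries answer inside 127.0.0.0/8 (RFC 5782). Any
    # other address points to a wildcard or rewriting resolver, not a listing.
    if ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8"):
        return ("listed", answer)
    return ("error", answer)

# Constructed sample zone data so the example runs offline.
SAMPLE_ZONE = {"23.42.168.172.dnsbl.example.net": "127.0.0.2",
               "9.113.0.203.dnsbl.example.net": "198.51.100.7"}

def sample_resolve(name):
    """Stand-in resolver: names starting '1.1.' simulate a temporary failure."""
    if name in SAMPLE_ZONE:
        return SAMPLE_ZONE[name]
    code = socket.EAI_AGAIN if name.startswith("1.1.") else socket.EAI_NONAME
    raise socket.gaierror(code, "constructed failure")

if __name__ == "__main__":
    for ip in ("172.168.42.23", "203.0.113.9", "192.0.2.10", "10.0.1.1"):
        print(ip, check_dnsbl(ip, "dnsbl.example.net", sample_resolve))
```

Leaving out the `resolve` argument sends the A-record query through the host's configured resolver, which is the path the load balancer needs working connectivity for.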

Documentation under the terms of the GNU Free Documentation License.