On Tue, 13 Dec 2011, Kevin A. McGrail wrote:
On 12/13/2011 2:19 AM, Dave Warren wrote:
Perhaps a better long-term solution would be to validate DNS lists before
using them?
One possible implementation would be to test to ensure that 127.0.0.1
is not listed
Similarly, 127.0.0.1 should never be listed for any DNSBL
that I'm aware of, and so when a list moves to a list-the-world
configuration, this entry would spot it.
Unfortunately, 1 is a bitwise answer; I've seen it used. In fact, just
checking real quick, I've got an RBL that uses 1 on a live server now.
Let's rephrase: querying 127.0.0.1 should never return a positive answer.
Returning 127.0.0.1 as an answer is not a problem.
This seems to me to be a reasonable test. If the BL returns a hit, and if
it hasn't been validated in the last X hours, then query 127.0.0.1 and see
if the list returns a positive. If so, discard the hit and suppress
querying the list for the next Y hours.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
North Korea: the only country in the world where people would risk
execution to flee to communist China. -- Ride Fast
-----------------------------------------------------------------------
2 days until Bill of Rights day
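The validation rule proposed in the reply above (trust a hit only while the list answers negatively for 127.0.0.1, re-check at most every X hours, and stop querying a list that fails for Y hours), written out as an added example. This is not code from the thread or from any DNSBL client; the class, method and parameter names are my own, and the resolver and zone data are constructed stand-ins so the block runs offline. As the thread notes, the value a list returns (127.0.0.1, 127.0.0.2, a bitwise 1) is irrelevant here; only whether the 127.0.0.1 query returns anything at all matters.

```python
"""Added example: a DNSBL lookup wrapper with the 127.0.0.1 sanity check."""
import time
from ipaddress import IPv4Address
from typing import Callable, Dict, List, Optional


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the query name for a DNSBL: octets reversed, then the zone.
    127.0.0.1 queried against zone Z becomes 1.0.0.127.Z."""
    octets = str(IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


class ValidatingDnsbl:
    """Wrap a resolver so that a positive hit is trusted only while the list
    also answers negatively for 127.0.0.1.  That probe is sent at most once
    every `validate_every` seconds (X in the thread).  A list that answers
    positively for 127.0.0.1 has the hit discarded and is not queried again
    for `suppress_for` seconds (Y in the thread)."""

    def __init__(self, resolve: Callable[[str], List[str]],
                 validate_every: float = 3600.0,
                 suppress_for: float = 6 * 3600.0,
                 clock: Callable[[], float] = time.time) -> None:
        # resolve(name) returns the A records for name, or [] for NXDOMAIN.
        self._resolve = resolve
        self.validate_every = validate_every
        self.suppress_for = suppress_for
        self._clock = clock
        self._last_validated: Dict[str, float] = {}
        self._suppressed_until: Dict[str, float] = {}

    def is_suppressed(self, zone: str) -> bool:
        return self._suppressed_until.get(zone, 0.0) > self._clock()

    def check(self, ip: str, zone: str) -> Optional[List[str]]:
        """Return the list's answer records for `ip`, or None when the address
        is not listed or the list is currently not trusted."""
        now = self._clock()
        if self.is_suppressed(zone):
            return None                      # distrusted list: send no query
        answers = self._resolve(dnsbl_query_name(ip, zone))
        if not answers:
            return None                      # not listed
        last = self._last_validated.get(zone)
        if last is None or now - last >= self.validate_every:
            # Hit from a list not validated recently: probe 127.0.0.1.
            if self._resolve(dnsbl_query_name("127.0.0.1", zone)):
                # Any positive answer here means list-the-world behaviour.
                self._suppressed_until[zone] = now + self.suppress_for
                return None
            self._last_validated[zone] = now
        return answers


# --- constructed test fixture (not real DNS data) -------------------------
CONSTRUCTED_ANSWERS: Dict[str, List[str]] = {
    "4.3.2.1.healthy.example": ["127.0.0.2"],   # lists 1.2.3.4 only
    "4.3.2.1.broken.example": ["127.0.0.1"],    # "list the world" zone ...
    "1.0.0.127.broken.example": ["127.0.0.1"],  # ... answers 127.0.0.1 too
}
QUERY_LOG: List[str] = []                       # every name we "sent"


def fake_resolve(name: str) -> List[str]:
    """Stand-in resolver; records the query so suppression can be observed."""
    QUERY_LOG.append(name)
    return list(CONSTRUCTED_ANSWERS.get(name, []))


class FakeClock:
    """Controllable clock so the X/Y windows can be exercised without waiting."""
    def __init__(self, start: float = 0.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


if __name__ == "__main__":
    clock = FakeClock(1000.0)
    checker = ValidatingDnsbl(fake_resolve, validate_every=3600,
                              suppress_for=7200, clock=clock)
    print(checker.check("1.2.3.4", "healthy.example"))   # ['127.0.0.2']
    print(checker.check("1.2.3.4", "broken.example"))    # None, now suppressed
    print(checker.is_suppressed("broken.example"))       # True
    print(QUERY_LOG)
```

The probe is only sent on a hit, so a list that never fires costs nothing extra, and a healthy list costs one extra query per X hours. In production the `resolve` callable would be the mail filter's normal DNS lookup; the wrapper makes no assumption about which A record value a list uses.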