On 10/02/2014 08:50 PM, Philip Prindeville wrote:
The issue we’ve been having with Blacklotus (self-appointed champions
of everyone’s right to be on the internet, no matter how shady, is
the impression I got from speaking to their sales department a while
ago) has one commonality.

All of the domains that resolve to 192.3.186.4 are registered to
registrar-servers.com.

How do I go about blocking based on the NS records for a given domain
having NS records with an RHS of dns\d+\.registrar-servers\.com ?

Also noticed that all of the A records for these DNS servers point
to… anyone want to guess? … Blacklotus?

What upstandingly egalitarian folks that want to give an internet
soapbox to even the most shady amongst us!  How horribly
misunderstood they must be for this veiled virtue!


 192.3.186.4 is Colocrossing, not BlackLotus

put these CIDRs in an rbldnsd [1] zone

Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET-162-254-240-0-1) 162.254.240.0 - 162.254.243.255
Black Lotus Communications NET-208-64-120-0-1 (NET-208-64-120-0-1) 208.64.120.0 - 208.64.127.255
Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET-192-184-8-0-1) 192.184.8.0 - 192.184.15.255
Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET-199-59-160-0-1) 199.59.160.0 - 199.59.167.255
Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET6-2604-8300-1) 2604:8300:: - 2604:8300:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET-192-31-184-0-1) 192.31.184.0 - 192.31.187.255
Black Lotus Communications (AS32421) BLCC 32421

for example

uriarec.example.net:ip4set:blacka.rbldnsd

then use an SA rule

uridnssub       YOUR_A_REC_BL   uriarec.example.net.  A  127.0.0.2
body            YOUR_A_REC_BL   eval:check_uridnsbl('YOUR_A_REC_BL')
describe        YOUR_A_REC_BL   URL domain listed in YOUR A REC BL
tflags          YOUR_A_REC_BL   net a
score           YOUR_A_REC_BL   3.0


bingo... any domain's A rec hosted on Black Lotus IP will get the rule's score...

[1] http://www.corpit.ru/mjt/rbldnsd.html

if you need help in setting up rbldnsd, just yell.
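
The following is an added example, not part of the original message: it turns the whois ranges quoted above into CIDR lines for the `blacka.rbldnsd` ip4set data file and shows the name a resolver would query for a URL host's A record. The helper names and the TXT string are assumptions made for illustration; the ranges, zone name and 127.0.0.2 value come from the message.

```python
import ipaddress

# Ranges copied from the whois output quoted in the message above.
WHOIS_RANGES = [
    ("162.254.240.0", "162.254.243.255"),
    ("208.64.120.0", "208.64.127.255"),
    ("192.184.8.0", "192.184.15.255"),
    ("199.59.160.0", "199.59.167.255"),
    ("2604:8300::", "2604:8300:ffff:ffff:ffff:ffff:ffff:ffff"),
    ("192.31.184.0", "192.31.187.255"),
]
ZONE = "uriarec.example.net"   # zone name used in the message
RETURN_A = "127.0.0.2"         # A value the uridnssub rule matches on

def ranges_to_cidrs(ranges):
    """Return (sorted IPv4 CIDRs, skipped IPv6 CIDRs); ip4set is IPv4 only."""
    v4, skipped = [], []
    for start, end in ranges:
        first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
        nets = list(ipaddress.summarize_address_range(first, last))
        (v4 if first.version == 4 else skipped).extend(nets)
    return sorted(ipaddress.collapse_addresses(v4)), skipped

def zone_file(cidrs, text="Hosted on listed network"):
    """Render ip4set data: a default-value line, then one CIDR per line.
    The TXT string is a constructed placeholder."""
    return "\n".join([f":{RETURN_A}:{text}"] + [str(n) for n in cidrs]) + "\n"

def dnsbl_query_name(ip, zone=ZONE):
    """Name queried for an IPv4 address: reversed octets under the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, cidrs):
    """Local check of whether the zone data would cover this address."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in cidrs)

if __name__ == "__main__":
    cidrs, skipped = ranges_to_cidrs(WHOIS_RANGES)
    print(zone_file(cidrs), end="")
    print("# left out of ip4set (IPv6):", ", ".join(map(str, skipped)))
    # 192.3.186.4 is the address from the thread; 192.31.186.4 differs by
    # one digit and falls inside a listed range.
    for ip in ("192.3.186.4", "192.31.186.4"):
        print(dnsbl_query_name(ip), "listed" if is_listed(ip, cidrs) else "not listed")
```
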
