Re: Local URL blocking based on NS records?

Thu, 02 Oct 2014 14:51:06 -0700 

On Oct 2, 2014, at 1:42 PM, Axb <axb.li...@gmail.com> wrote:

> On 10/02/2014 08:50 PM, Philip Prindeville wrote:
>> The issue we’ve been having with Blacklotus (self-appointed champions
>> of everyone’s right to be on the internet, no matter how shady, is
>> the impression I got from speaking to their sales department a while
>> ago) has one commonality.
>> 
>> All of the domains that resolve to 192.3.186.4 are registered to
>> registrar-servers.com.
>> 
>> How do I go about blocking based on the NS records for a given domain
>> having NS records with an RHS of dns\d+\.registrar-servers\.com ?
>> 
>> Also noticed that all of the A records for these DNS servers points
>> to… anyone want to guess? … Blacklotus?
>> 
>> What upstandingly egalitarian folks that want to give an internet
>> soapbox to even the most shady amongst us!  How horribly
>> misunderstood they must be for this veiled virtue!
>> 
> 
> 192.3.186.4 is Colocrossing, not BlackLotus

Sorry, typo: 192.31.186.4


> 
> put these CIDrs in a rbldnsd [1] zone
> 
> Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET-162-254-240-0-1) 
> 162.254.240.0 - 162.254.243.255
> Black Lotus Communications NET-208-64-120-0-1 (NET-208-64-120-0-1) 
> 208.64.120.0 - 208.64.127.255
> Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET-192-184-8-0-1) 
> 192.184.8.0 - 192.184.15.255
> Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET-199-59-160-0-1) 
> 199.59.160.0 - 199.59.167.255
> Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET6-2604-8300-1) 
> 2604:8300:: - 2604:8300:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
> Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET-192-31-184-0-1) 
> 192.31.184.0 - 192.31.187.255
> Black Lotus Communications (AS32421) BLCC 32421
> 
> for example
> 
> uriarec.example.net:ip4set:blacka.rbldnsd
> 
> the use a SA rule
> 
> uridnssub       YOUR_A_REC_BL   uriarec.example.net.  A  127.0.0.2
> body            YOUR_A_REC_BL eval:check_uridnsbl('YOUR_A_REC_BL')
> describe        YOUR_A_REC_BL URL domain listed in YOU A REC BL
> tflags          YOUR_A_REC_BL net a
> score           YOUR_A_REC_BL 3.0
> 
> 
> bingo... any domain's A rec hosted on  Black Lotus IP will get the rule's 
> score...
> 
> [1] http://www.corpit.ru/mjt/rbldnsd.html
> 
> if you need help in setting up rbldnsd, just yell.
> 


Was hoping to avoid having to run rbldnsd… hence the query for a plugin way 
around this.

-Philip

Reply via email to