On Oct 2, 2014, at 1:42 PM, Axb <axb.li...@gmail.com> wrote: > On 10/02/2014 08:50 PM, Philip Prindeville wrote: >> The issue we’ve been having with Blacklotus (self-appointed champions >> of everyone’s right to be on the internet, no matter how shady, is >> the impression I got from speaking to their sales department a while >> ago) has one commonality. >> >> All of the domains that resolve to 192.3.186.4 are registered to >> registrar-servers.com. >> >> How do I go about blocking based on the NS records for a given domain >> having NS records with an RHS of dns\d+\.registrar-servers\.com ? >> >> Also noticed that all of the A records for these DNS servers points >> to… anyone want to guess? … Blacklotus? >> >> What upstandingly egalitarian folks that want to give an internet >> soapbox to even the most shady amongst us! How horribly >> misunderstood they must be for this veiled virtue! >> > > 192.3.186.4 is Colocrossing, not BlackLotus
Sorry, typo: 192.31.186.4 > > put these CIDrs in a rbldnsd [1] zone > > Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET-162-254-240-0-1) > 162.254.240.0 - 162.254.243.255 > Black Lotus Communications NET-208-64-120-0-1 (NET-208-64-120-0-1) > 208.64.120.0 - 208.64.127.255 > Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET-192-184-8-0-1) > 192.184.8.0 - 192.184.15.255 > Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET-199-59-160-0-1) > 199.59.160.0 - 199.59.167.255 > Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET6-2604-8300-1) > 2604:8300:: - 2604:8300:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF > Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET-192-31-184-0-1) > 192.31.184.0 - 192.31.187.255 > Black Lotus Communications (AS32421) BLCC 32421 > > for example > > uriarec.example.net:ip4set:blacka.rbldnsd > > the use a SA rule > > uridnssub YOUR_A_REC_BL uriarec.example.net. A 127.0.0.2 > body YOUR_A_REC_BL eval:check_uridnsbl('YOUR_A_REC_BL') > describe YOUR_A_REC_BL URL domain listed in YOU A REC BL > tflags YOUR_A_REC_BL net a > score YOUR_A_REC_BL 3.0 > > > bingo... any domain's A rec hosted on Black Lotus IP will get the rule's > score... > > [1] http://www.corpit.ru/mjt/rbldnsd.html > > if you need help in setting up rbldnsd, just yell. > Was hoping to avoid having to run rbldnsd… hence the query for a plugin way around this. -Philip