[Operators] DNSBLs
Evgeniy Khramtsov
xramtsov at gmail.com
Wed Nov 18 22:59:47 CST 2009
Peter Saint-Andre wrote:
> How is your DNSBL built?
Currently it is built manually, no reporting yet. It is located on
dnsbl.jabber.ru and is maintained according to the DNSxL I-D.
> What are the inputs?
The input currently is server DNS names (i.e. only s2s so far). The
format is described in the DNSxL I-D:
http://tools.ietf.org/html/draft-irtf-asrg-dnsbl-08#section-3
> How does the operator of an XMPP service find out if their domain or
> IP address is listed? Do you return a particular stream error to
> entities that are on the DNSBL?
Those are not yet implemented. It's on my TODO list.
> How does a service remove itself from the list? Where is the list
> maintained and by whom?
There is no such functionality yet. Please understand, we ran it as a
testing service only for our purposes. However, everyone is able to
maintain his own list. There is also software available for that
purpose (rbldnsd for example). By the way, there is an I-D available which
discusses guidelines for the management of public DNSBLs by their
operators - http://tools.ietf.org/html/draft-irtf-asrg-bcp-blacklists-05
> How does someone access the list?
Everybody can access it via a DNS client ;)
> What if the machine on which the DNSBL is located gets hacked? Does
> this introduce a single point of failure or attack for the XMPP network?
If you have only one DNSBL configured in your service then, yes, you are
in trouble. However, typically you should have multiple DNSBLs
configured (and even weighted and ranged) to get rid of that kind of
bottleneck.
> Personally I would prefer a decentralized technology like XEP-0268 to a
> centralized DNSBL.
>
I read the XEP and didn't find where it is more decentralized than
DNSBLs. Also, as I understand, the XEP only describes reporting techniques.
--
Regards,
Evgeniy Khramtsov, ProcessOne.
xmpp:xram at jabber.ru.
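
The multiple-weighted-lists setup mentioned in the message above, as an added example that is not part of the original post and is not code from jabber.ru or ProcessOne. The zone names, weights, threshold, records and the `fake_resolve` helper are constructed for illustration; only the query-name layout follows the DNSxL I-D.

```python
import ipaddress

def dnsxl_name(subject, zone):
    """Query name for a DNSxL zone: IPv4 octets reversed, domain names used as-is."""
    try:
        octets = str(ipaddress.IPv4Address(subject)).split(".")
        label = ".".join(reversed(octets))
    except ValueError:
        label = subject.rstrip(".").lower()
    return f"{label}.{zone}"

def is_listed(answers):
    """Only A records inside 127.0.0.0/8 count as a listing."""
    net = ipaddress.ip_network("127.0.0.0/8")
    return any(ipaddress.ip_address(a) in net for a in answers)

def score(subject, lists, resolve):
    """Sum the weights of the lists that list `subject`; skip lists that fail."""
    total, errors = 0, []
    for zone, weight in lists:
        try:
            answers = resolve(dnsxl_name(subject, zone))
        except OSError as exc:          # timeout / SERVFAIL: list contributes nothing
            errors.append((zone, str(exc)))
            continue
        if is_listed(answers):
            total += weight
    return total, errors

# Constructed sample data: zone names, weights and records are hypothetical.
LISTS = [("bl-a.example", 3), ("bl-b.example", 2), ("bl-c.example", 2)]
THRESHOLD = 4   # no single list reaches it alone
RECORDS = {
    "spam.example.net.bl-a.example": ["127.0.0.2"],
    "spam.example.net.bl-b.example": ["127.0.0.2"],
    "good.example.org.bl-a.example": ["127.0.0.2"],    # one list only
    "good.example.org.bl-b.example": ["192.0.2.10"],   # not in 127/8: ignored
}

def fake_resolve(name):
    if name.endswith(".bl-c.example"):
        raise OSError("timed out")      # simulate an unreachable list
    return RECORDS.get(name, [])        # empty list stands for NXDOMAIN

def blocked(subject):
    return score(subject, LISTS, fake_resolve)[0] >= THRESHOLD

if __name__ == "__main__":
    for s in ("spam.example.net", "good.example.org"):
        print(s, score(s, LISTS, fake_resolve), blocked(s))
```

Keeping every weight below the threshold means one unreachable, wrong or tampered list cannot block a peer server by itself.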