[Operators] DNSBLs

Evgeniy Khramtsov xramtsov at gmail.com
Wed Nov 18 22:59:47 CST 2009


Peter Saint-Andre wrote:
> How is your DNSBL built?

Currently it is built manually, no reporting yet. It is located on 
dnsbl.jabber.ru and is maintained according to the DNSxL I-D.

> What are the inputs?

The input currently is server DNS names (i.e. only s2s so far). The 
format is described in the DNSxL I-D: 
http://tools.ietf.org/html/draft-irtf-asrg-dnsbl-08#section-3

> How does the operator of an XMPP service find out if their domain or 
> IP address is listed? Do you return a particular stream error to 
> entities that are on the DNSBL?

Those are not yet implemented. It's on my TODO list.

> How does a service remove itself from the list? Where is the list 
> maintained and by whom?

There is no such functionality yet. Please understand, we ran it as a 
testing service only for our purposes. However, everyone is able to 
maintain his own list. There is also software available for that 
purpose (rbldnsd for example). By the way, there is an I-D available which 
discusses guidelines for the management of public DNSBLs by their 
operators - http://tools.ietf.org/html/draft-irtf-asrg-bcp-blacklists-05

> How does someone access the list?

Everybody can access it via a DNS client ;)

> What if the machine on which the DNSBL is located gets hacked? Does 
> this introduce a single point of failure or attack for the XMPP network?

If you have only one DNSBL configured in your service then, yes, you are 
in trouble. However, typically you should have multiple DNSBLs 
configured (and even weighted and ranged) to get rid of that kind of 
bottleneck.

> Personally I would prefer a decentralized technology like XEP-0268 to a
> centralized DNSBL.

I read the XEP and didn't find where it is more decentralized than 
DNSBLs. Also, as I understand, the XEP only describes reporting techniques.

-- 
Regards,
Evgeniy Khramtsov, ProcessOne.
xmpp:xram at jabber.ru.
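
Added example, not part of the original message or of any ProcessOne code: a sketch of consulting several name-based DNSBLs with weights, as the reply suggests, so that one list being unreachable or wrongly listing a domain cannot decide the outcome alone. Only dnsbl.jabber.ru comes from the post; the other zones, the weights, the threshold and the `resolve` callback are assumptions.

```python
import ipaddress

# Zones and weights: only dnsbl.jabber.ru comes from the post; the other two
# zones, all weights and the threshold are constructed for illustration.
LISTS = [("dnsbl.jabber.ru", 1.5), ("bl1.example.net", 1.0), ("bl2.example.org", 1.0)]
THRESHOLD = 2.0  # assumed policy: no single list reaches this alone
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # range conventionally used for "listed"

def score_domain(domain, lists, resolve):
    """Score an s2s peer domain. resolve(qname) returns a list of A-record
    strings ([] when the name does not exist) or raises OSError on failure."""
    score, hits, failed = 0.0, [], []
    for zone, weight in lists:
        qname = f"{domain.rstrip('.').lower()}.{zone}"  # name-based DNSxL query
        try:
            answers = resolve(qname)
        except OSError:
            failed.append(zone)  # unreachable list adds nothing to the score
            continue
        # Count only 127/8 answers; anything else (wildcard, parked zone) is ignored.
        if any(ipaddress.ip_address(a) in LISTED_NET for a in answers):
            score += weight
            hits.append(zone)
    return score, hits, failed

def is_blocked(domain, lists, resolve, threshold=THRESHOLD):
    """True when the combined weight of the lists that hit reaches the threshold."""
    return score_domain(domain, lists, resolve)[0] >= threshold

def make_resolver(records, down=()):
    """Offline stand-in for a DNS client, built from constructed records."""
    def resolve(qname):
        if any(qname.endswith("." + zone) for zone in down):
            raise OSError("lookup failed")
        return records.get(qname, [])
    return resolve

# Constructed sample data.
RECORDS = {
    "spam.example.dnsbl.jabber.ru": ["127.0.0.2"],
    "spam.example.bl1.example.net": ["127.0.0.2"],
    "victim.example.bl1.example.net": ["127.0.0.2"],  # listed by one list only
    "good.example.bl2.example.org": ["203.0.113.7"],  # not a 127/8 answer
}

if __name__ == "__main__":
    for d in ("spam.example", "victim.example", "good.example"):
        print(d, score_domain(d, LISTS, make_resolver(RECORDS)))
```

With these weights a domain listed by a single list stays below the threshold, and a list that fails to answer is reported in the third return value so the operator can see that the decision was made with fewer inputs.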
