What if I placed an SURBL server in the beginning of my DNS query list? Then users would actually check SURBL for a domain in a web page. If it is in SURBL they will get a 127.0.0.x and get an error. Which is good!
Am I missing something, or is it that easy?
Chris Santerre
System Admin and SARE Ninja
http://www.rulesemporium.com
http://www.surbl.org
'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.' Charles Darwin
hey,
Chris Santerre wrote:
> What if I placed an SURBL server in the beginning of my DNS query list? Then users would actually check SURBL for a domain in a web page. If it is in SURBL they will get a 127.0.0.x and get an error. Which is good!
Works! All you need to do is add the multi.surbl.org ( or whatever list you want to use ) to the Host Search order. So that x.com is looked up as x.org.multi.surbl.org
Whatever DNS servers you are using at the time, should keep working + Caching.
I run this at a few places. Works well across a squid proxy, especially since you can then have a real page on the 127.0.0.x interface ( = the gateway machine's ) telling your users what happened.
Is this what you had in mind?
At 17:47 2004-08-03 +0100, Karanbir Singh wrote:
> Chris Santerre wrote:
>> What if I placed an SURBL server in the beginning of my DNS query list? Then users would actually check SURBL for a domain in a web page. If it is in SURBL they will get a 127.0.0.x and get an error. Which is good!
> Works! All you need to do is add the multi.surbl.org ( or whatever list you want to use ) to the Host Search order. So that x.com is looked up as x.org.multi.surbl.org
This would only work for x.com, not www.x.com, etc. The SURBL servers - correctly - return NXDOMAIN when queried for subdomains of listed domains, rather than treat the listed domains as wildcards.
Also - this generates a lot of unnecessary DNS queries for non-listed domains.
First, your client queries a surbl NS server for the RR host.not-surbl-listed.com.multi.surbl.org. Which results in an NXDOMAIN reply.
Your client then likely (exactly what happens depends on the specific environment) queries the surbl NS server for the RR host.not-surbl-listed.com. Which results in a "not authoritative" or "query refused" reply.
Only then does your client proceed to the next resolver in its list and query it for the RR host.domain.com and eventually get a positive reply.
Patrik
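
The lookup order described in the last message, as an added offline simulation that is not part of the original thread. The zone contents, the 127.0.0.2 and 192.0.2.x addresses, and the function names are constructed for illustration, and the three-step query order is an assumption taken from the description above (real stub resolvers vary).

```python
# Offline model of the lookup order described above; no real DNS traffic.
# All zone data below is constructed for illustration.
SURBL_SUFFIX = "multi.surbl.org"
SURBL_ZONE = {"x.com." + SURBL_SUFFIX: "127.0.0.2"}  # exact names only, no wildcard
NORMAL_DNS = {
    "x.com": "192.0.2.10",
    "www.x.com": "192.0.2.10",
    "host.not-surbl-listed.com": "192.0.2.20",
}

def surbl_server(qname):
    """Authoritative only for the list zone; refuses everything else."""
    if not qname.endswith("." + SURBL_SUFFIX):
        return "REFUSED", None
    addr = SURBL_ZONE.get(qname)
    return ("NOERROR", addr) if addr else ("NXDOMAIN", None)

def normal_resolver(qname):
    """Stand-in for the next resolver in the client's list."""
    addr = NORMAL_DNS.get(qname)
    return ("NOERROR", addr) if addr else ("NXDOMAIN", None)

def lookup(host):
    """Return (address, trace) for a client with the SURBL server first in its
    resolver list and the list zone in its host search order (assumed order)."""
    steps = [
        ("surbl", host + "." + SURBL_SUFFIX, surbl_server),
        ("surbl", host, surbl_server),
        ("normal", host, normal_resolver),
    ]
    trace = []
    for server, qname, ask in steps:
        rcode, addr = ask(qname)
        trace.append((server, qname, rcode))
        if addr:
            return addr, trace
    return None, trace

if __name__ == "__main__":
    for host in ("x.com", "www.x.com", "host.not-surbl-listed.com"):
        addr, trace = lookup(host)
        print(f"{host}: {addr} after {len(trace)} queries")
        for server, qname, rcode in trace:
            print(f"    {server:6} {qname} -> {rcode}")
```

Only the bare listed name is answered from the list zone; the www. name of the same listed domain and the unlisted host each take three queries and resolve normally.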