[SURBL-Discuss] Re: [RulesEmporium] Rbldns and wildcards

Jeff Chan jeffc at surbl.org
Sat Apr 24 01:44:48 CEST 2004


On Friday, April 23, 2004, 6:06:47 PM, Dallas Engelken wrote:
>  dnset  Set of (possible wildcarded) domain names with associated A  and
>               TXT  values.   Similar  to  ip4set, but instead of IP addresses,
>               data consists of domain names (not in reverse form).  One domain
>               name  per  line,  possible  starting  with wildcard (either with
>               starâdot (*.) or just a dot).  Entry starting  with  exclamation
>               sign  is  exclusion.  Default value for all subsequent lines may
>               be specified by a line starting with a colon.

>               Wildcards are interpreted as follows:

>               example.com
>                      only  example.com  domain  is  listed,   not   subdomains
>                      thereof.  Not a wildcard entry.

>               *.example.com
>                      all  subdomains  of example.com are listed, but not examâ
>                      ple.com itself.

>               .example.com
>                      all subdomains of example.com and example.com itself  are
>                      listed.  This is a shortcut: to list a domain name itself
>                      and all itâs subdomains, one may either specify two lines
>                      (example.com  and  *.example.com),  or  one  line (.examâ
>                      ple.com).

> Instead of listing FQDN's, why not just list the TLD with a dot
> in front... For example,  list .mailnotice.biz instead of
> t.mailnotice.biz in case they change to some other letter in
> front of their 
> TLD.

There was a thread discussing BIND's lack of caching of wildcards
earlier:

  http://lists.surbl.org/pipermail/discuss/2004-April/000178.html

Not sure if rbldnsd falls under the same category, but in either
case we've taken a different approach to remove the subdomains/host
names on both the data and client sides so that we're only comparing
base domains between them.  If mailnotice.biz is the base domain
then that's all we look for in the SURBL and all we should be
extracting from the message body URI.

In other words we're deliberately using base domains everywhere
and not (wildcarded) subdomains.

Jeff C.




More information about the Discuss mailing list