
discuss - Re: [opennic-discuss] letit2 [.] bit blacklist

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: "Daniel Quintiliani" <danq AT runbox.com>
  • To: "discuss" <discuss AT lists.opennicproject.org>
  • Subject: Re: [opennic-discuss] letit2 [.] bit blacklist
  • Date: Wed, 02 Aug 2017 16:00:44 -0400 (EDT)

I say we don't follow strangers' orders with this until Spamhaus gives us all
a minimum wage payment.

--

-Dan Q


On Wed, 02 Aug 2017 15:57:52 -0400 (EDT), "Daniel Quintiliani"
<danq AT runbox.com> wrote:

> I can't help but think of the banned South Park episode where the character
> said something like "first we'll get rid of the stuff the Catholics don't
> like, then we'll get rid of the stuff the Muslims don't like, then
> eventually we won't exist at all!"
>
> --
>
> -Dan Q
>
> On Wed, 2 Aug 2017 20:02:49 +0100, Calum McAlinden <calum AT mcalinden.me.uk>
> wrote:
>
> > I think that a blacklist preventing these domains from ever being
> > included in the zone would be a good idea. It could be published,
> > produced and reviewed democratically with full transparency. I would be
> > willing to produce some sort of web interface for this.
> >
> > Would anyone be in favour of such a system? I sense that there is a lot of
> > opposition for any blocking of any kind, but it is important to
> > acknowledge that these domains would probably fall foul of OpenNIC
> > policies and be removed if they were OpenNIC TLDs. It would not make
> > OpenNIC any less democratic, and it is not much different to blocking on
> > individual T2s anyway.
> >
> > On 02/08/17 18:44, Jeff Taylor wrote:
> > > I received complaints today that outgoing emails are getting blocked by
> > > Spamhaus SBL due to resolving tehnomix.bit. The block is on a single IP
> > > address with a /32 mask, so damage is limited but unfortunately still
> > > causing a problem. For now this domain has been blackholed into
> > > 127.0.0.1. Anyone using ns1.co.us.dns.opennic.glue will be affected by
> > > this.
> > >
> > > Checking my logs, I've had 301,958 lookups on my servers in the past
> > > 11.5 hours. Apparently I screwed something up with my new internet
> > > connection because my servers are supposed to require whitelisting but
> > > they are answering all queries... gonna have to fix that!
> > >
> > > Also of note... since the block is for a single IP address, I believe
> > > the issue is that the DNS server is on the same IP as my mail server.
> > > Unlike the others here, I did NOT receive any notice from Spamhaus
> > > regarding being blocked.
> > >
> > > Now for anyone else in a bind that needs to blackhole a specific domain
> > > name under BIND9, the process is fairly simple, but as mentioned
> > > previously you want to be open about any such changes you make to
> > > OpenNIC servers, and any such blocking is typically not allowed under
> > > OpenNIC rules...
> > >
> > > -----
> > >
> > > First you want to create a zone file to handle generic entries:
> > >
> > > -- db.blacklisted --
> > > ;
> > > ; Blacklisted domains that should be blocked from resolving
> > > ;
> > > $TTL 3600
> > > @       IN SOA  ns1.example.com. hostmaster (
> > >                 2017080200 ; serial
> > >                 3600       ; refresh
> > >                 180        ; retry
> > >                 86400      ; expire
> > >                 3600       ; default TTL
> > >                 )
> > > ; NS data must be a host name, not an IP address
> > > @       IN NS   localhost.
> > > ; Owner names are explicit so each record lands on the apex or the wildcard
> > > @       IN A    127.0.0.1
> > > *       IN A    127.0.0.1
> > > @       IN AAAA ::1
> > > *       IN AAAA ::1
> > >
> > >
> > > Next you need a config file for BIND9 to handle the entries:
> > >
> > > -- /etc/bind/named.blacklisted --
> > > zone "letit2.bit" {type master; file "/path/to/db.blacklisted";};
> > > zone "tehnomix.bit" {type master; file "/path/to/db.blacklisted";};
> > >
> > >
> > > And finally, add an include to your named.conf:
> > > include "/etc/bind/named.blacklisted";
> > >
> > >
> > > Reload BIND, and check to see the results:
> > > # dig tehnomix.bit @localhost
> > >
> > > ;; ANSWER SECTION:
> > > tehnomix.bit. 3600 IN A 127.0.0.1
> > >
> > >
> > >
> > >
> > >
> > >
> > > --------
> > > You are a member of the OpenNIC Discuss list.
> > > You may unsubscribe by emailing
> > > discuss-unsubscribe AT lists.opennicproject.org
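Added example, not part of the original thread: a generator for the `named.blacklisted` include from Jeff Taylor's quoted steps, fed by a reviewed domain list of the kind Calum McAlinden proposes. The list format, function names and sample entries are assumptions; each name is validated before it is written, so a malformed list entry cannot break or alter the BIND configuration.

```python
"""Build the BIND9 include file from a reviewed list of blocked domains."""
import re

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; <= 63 chars.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize(name):
    """Return the lower-cased domain without trailing dot, or None if invalid."""
    name = name.strip().lower().rstrip(".")
    if not name or len(name) > 253:
        return None
    labels = name.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        return None
    return name


def build_include(lines, zone_file="/path/to/db.blacklisted"):
    """Return (config_text, rejected) for an iterable of list lines.

    Assumed list format: one domain per line, '#' starts a comment.
    zone_file is operator-supplied and is not validated here.
    """
    zones, rejected = [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        name = normalize(entry)
        if name is None:
            rejected.append(entry)   # never written into the include file
        elif name not in zones:
            zones.append(name)       # BIND refuses to load a zone defined twice
    text = "".join(
        'zone "%s" {type master; file "%s";};\n' % (z, zone_file)
        for z in sorted(zones)
    )
    return text, rejected


# Constructed sample list: the two domains from the thread plus malformed entries.
SAMPLE = [
    "# reviewed 2017-08-02",
    "letit2.bit",
    "Tehnomix.bit.   # case and trailing dot are normalized",
    "tehnomix.bit",
    'x.bit";};',
    "-bad-.bit",
]

if __name__ == "__main__":
    config, bad = build_include(SAMPLE)
    print(config, end="")
    print("rejected:", bad)
```

Running `named-checkconf` on the result before reloading catches anything the name check does not, such as a wrong zone file path.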




