discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
- From: "Daniel Quintiliani" <danq AT runbox.com>
- To: "discuss" <discuss AT lists.opennicproject.org>
- Subject: Re: [opennic-discuss] letit2 [.] bit blacklist
- Date: Wed, 02 Aug 2017 16:00:44 -0400 (EDT)
I say we don't follow strangers' orders with this until Spamhaus gives us all
a minimum wage payment.
--
-Dan Q
On Wed, 02 Aug 2017 15:57:52 -0400 (EDT), "Daniel Quintiliani"
<danq AT runbox.com> wrote:
> I can't help but think of the banned South Park episode where the character
> said something like "first we'll get rid of the stuff the Catholics don't
> like, then we'll get rid of the stuff the Muslims don't like, then
> eventually we won't exist at all!"
>
> --
>
> -Dan Q
>
> On Wed, 2 Aug 2017 20:02:49 +0100, Calum McAlinden <calum AT mcalinden.me.uk>
> wrote:
>
> > I think that a blacklist preventing these domains from ever being
> > included in the zone would be a good idea. It could be published,
> > produced and reviewed democratically with full transparency. I would be
> > willing to produce some sort of web interface for this.
> >
> > Would anyone be in favour of such system? I sense that there is a lot of
> > opposition for any blocking of any kind, but it is important to
> > acknowledge that these domains would probably fall foul of OpenNIC
> > policies and be removed if they were OpenNIC TLDs. It would not make
> > OpenNIC any less democratic, and it is not much different to blocking on
> > individual T2s anyway.
> >
> > On 02/08/17 18:44, Jeff Taylor wrote:
> > > I received complaints today that outgoing emails are getting blocked by
> > > spamhaus SBL due to resolving tehnomix.bit. The block is on a single IP
> > > address with a /32 mask, so damage is limited but unfortunately still
> > > causing a problem. For now this domain has been blackholed into
> > > 127.0.0.1. Anyone using ns1.co.us.dns.opennic.glue will be affected by
> > > this.
> > >
> > > Checking my logs, I've had 301,958 lookups on my servers in the past
> > > 11.5 hours. Apparently I screwed something up with my new internet
> > > connection because my servers are supposed to require whitelisting but
> > > they are answering all queries... gonna have to fix that!
> > >
> > > Also of note... since the block is for a single IP address, I believe
> > > the issue is that the DNS server is on the same IP and my mail server.
> > > Unlike the others here, I did NOT receive any notice from spamhaus
> > > regarding being blocked.
> > >
> > > Now for anyone else in a bind that needs to blackhole a specific domain
> > > name under BIND9, the process is fairly simple, but as mentioned
> > > previously you want to be open about any such changes you make to
> > > OpenNic servers, and any such blocking is typically not allowed under
> > > opennic rules...
> > >
> > > -----
> > >
> > > First you want to create a zone file to handle generic entries:
> > >
> > > -- db.blacklisted --
> > > ;
> > > ; Blacklisted domains that should be blocked from resolving
> > > ;
> > > $TTL 3600
> > > @ IN SOA ns1.example.com. hostmaster (
> > > 2017080200 ; serial
> > > 3600 ; refresh
> > > 180 ; retry
> > > 86400 ; expire
> > > 3600 ; default TTL
> > > )
> > > IN NS 127.0.0.1
> > > IN A 127.0.0.1
> > > * IN A 127.0.0.1
> > > IN AAAA ::1
> > > * IN AAAA ::1
> > >
> > >
> > > Next you need config file for BIND9 to handle to entries:
> > >
> > > -- /etc/bind/named.blacklisted --
> > > zone "letit2.bit" {type master; file "/path/to/db.blacklisted";};
> > > zone "tehnomix.bit" {type master; file "/path/to/db.blacklisted";};
> > >
> > >
> > > And finally, add an include to your named.conf:
> > > include "/etc/bind/named.blacklisted";
> > >
> > >
> > > Reload bind, and check to see the results:
> > > # dig tehnomix.bit @localhost
> > >
> > > ;; ANSWER SECTION:
> > > tehnomix.bit. 3600 IN A 127.0.0.1
> > >
> > >
> > >
> > >
> > >
> > >
> > > --------
> > > You are a member of the OpenNIC Discuss list.
> > > You may unsubscribe by emailing
> > > discuss-unsubscribe AT lists.opennicproject.org
> > >
> >
> >
> > --------
> > You are a member of the OpenNIC Discuss list.
> > You may unsubscribe by emailing
> > discuss-unsubscribe AT lists.opennicproject.org
>
>
> --------
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org
- Re: [opennic-discuss] letit2 [.] bit blacklist, Jeff Taylor, 08/02/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Calum McAlinden, 08/02/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Daniel Quintiliani, 08/02/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Daniel Quintiliani, 08/02/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Calum McAlinden, 08/02/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Daniel Quintiliani, 08/02/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Jeff Taylor, 08/03/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Jeff Taylor, 08/04/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Jeff Taylor, 08/04/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Amunak, 08/05/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Jeff Taylor, 08/06/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Amunak, 08/05/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Jeff Taylor, 08/04/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Jeff Taylor, 08/04/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Daniel Quintiliani, 08/02/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Al Beano, 08/02/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Jeff Taylor, 08/02/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Calum McAlinden, 08/02/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Verax, 08/03/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Calum McAlinden, 08/02/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Jeff Taylor, 08/02/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Calum McAlinden, 08/02/2017
Archive powered by MHonArc 2.6.19.