
discuss - Re: [opennic-discuss] letit2 [.] bit blacklist

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: Al Beano <albino AT autistici.org>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] letit2 [.] bit blacklist
  • Date: Wed, 02 Aug 2017 21:16:09 +0100

Why does it matter? Spamhaus can make as many lists as they want, OpenNIC
doesn't answer to them.

If they're going to do this, I think it's best to concede that you can't run
DNS and mail on a single server — I'd rather that than be bullied by
Spamhaus.

On 2 August 2017 18:44:15 BST, Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:
>I received complaints today that outgoing emails are getting blocked by
>spamhaus SBL due to resolving tehnomix.bit. The block is on a single IP
>address with a /32 mask, so damage is limited but unfortunately still
>causing a problem. For now this domain has been blackholed into
>127.0.0.1. Anyone using ns1.co.us.dns.opennic.glue will be affected by
>this.
>
>Checking my logs, I've had 301,958 lookups on my servers in the past
>11.5 hours. Apparently I screwed something up with my new internet
>connection because my servers are supposed to require whitelisting but
>they are answering all queries... gonna have to fix that!
>
>Also of note... since the block is for a single IP address, I believe
>the issue is that the DNS server is on the same IP as my mail server.
>
>Unlike the others here, I did NOT receive any notice from spamhaus
>regarding being blocked.
>
>Now for anyone else in a bind that needs to blackhole a specific domain
>name under BIND9, the process is fairly simple, but as mentioned
>previously you want to be open about any such changes you make to
>OpenNic servers, and any such blocking is typically not allowed under
>opennic rules...
>
>-----
>
>First you want to create a zone file to handle generic entries:
>
>-- db.blacklisted --
>;
>; Blacklisted domains that should be blocked from resolving
>;
>$TTL 3600
>@ IN SOA ns1.example.com. hostmaster (
> 2017080200 ; serial
> 3600 ; refresh
> 180 ; retry
> 86400 ; expire
> 3600 ; default TTL
> )
> IN NS 127.0.0.1
> IN A 127.0.0.1
>* IN A 127.0.0.1
> IN AAAA ::1
>* IN AAAA ::1
>
>
>Next you need a config file for BIND9 to handle the entries:
>
>-- /etc/bind/named.blacklisted --
>zone "letit2.bit" {type master; file "/path/to/db.blacklisted";};
>zone "tehnomix.bit" {type master; file "/path/to/db.blacklisted";};
>
>
>And finally, add an include to your named.conf:
>include "/etc/bind/named.blacklisted";
>
>
>Reload bind, and check to see the results:
># dig tehnomix.bit @localhost
>
>;; ANSWER SECTION:
>tehnomix.bit. 3600 IN A 127.0.0.1
>

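One way to build the named.blacklisted include described in the quoted message from a plain list of domains, as an added example that is not part of the original thread or of OpenNIC's own tooling. The function names and the one-domain-per-line list format are assumptions; the zone file path is the placeholder used in the message.

```shell
#!/bin/sh
# Added example (not from the thread): generate the BIND9 include file
# from a list of domains, one per line.
# ZONE_FILE defaults to the placeholder path used in the quoted message.
ZONE_FILE="${ZONE_FILE:-/path/to/db.blacklisted}"

# is_valid_domain NAME
# Succeeds only for lowercase letter/digit/hyphen labels (1-63 chars each,
# no leading or trailing hyphen), at least two labels, at most 253 chars.
is_valid_domain() {
    name=$1
    [ "${#name}" -le 253 ] || return 1
    printf '%s\n' "$name" | grep -Eq \
        '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$'
}

# gen_blacklist_conf
# Reads domains on stdin and writes one zone stanza per domain on stdout.
# "#" comments and blank lines are dropped, names are lowercased, a trailing
# dot is stripped and duplicates are removed. Entries that fail validation
# are reported on stderr and skipped, so a stray quote or brace in the list
# can never end up inside named.conf.
gen_blacklist_conf() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e 's/\.$//' -e '/^$/d' |
    tr 'A-Z' 'a-z' | sort -u |
    while IFS= read -r d; do
        if is_valid_domain "$d"; then
            printf 'zone "%s" {type master; file "%s";};\n' "$d" "$ZONE_FILE"
        else
            printf 'skipped invalid entry: %s\n' "$d" >&2
        fi
    done
}

# Typical use (file names are assumptions):
#   gen_blacklist_conf < blocked-domains.txt > /etc/bind/named.blacklisted
#   named-checkconf && rndc reload
```

Running named-checkconf before the reload catches a broken include before the resolver stops answering.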