Discuss mailing list

[Jeff Taylor <shdwdrgn AT sourpuss.net>]

Well I got my whitelist access issue sorted out.  Funny thing is I think 
I had an open resolver running on the old ISP as well.  Now it's working 
properly so it will resolve any of my local domains for everyone, but 
only resolve recursively to those who are whitelisted.  That should also 
resolve my issues with spamhaus and anyone else who wants to pretend 
like they are the guardians of the internet.

The filter has been pulled from ns1.co.us.dns.opennic.glue, it is once 
again fully resolving the internet.

I agree that we should not be bullied by entities such as spamhaus. I 
mean, they're a great filter, I use the myself on my mail servers, but 
they are certainly NOT going to stop the spam problem by blacklisting 
all opennic servers.  However you have to keep in mind that opennic is 
run by *volunteers*.  We don't all have money to pay for both our 
private connections AND a hosted server, and some concessions should be 
made since this whole project started out on people's home servers and 
many of us still run services from there.

Whitelisting is certainly an option though.  That's what I do (or 
*thought* I was doing) and when it's working properly it should prevent 
any such issues from outside entities blocking us.  However perhaps it 
is time to reconsider a 'filtered' option?  A number of servers run on 
multiple ports... what if we had a domain blacklist distributed through 
the API that would allow people to run filtered DNS queries on port 53, 
but allow unrestricted queries through an alternate port?  For that 
matter, I could even see running whitelisting on port 53 and 
unrestricted access on an alternate port.  There are any number of 
possibilities available here, so I don't think we should discount any 
options that allow our members to continue running their public servers 
without harassment.


On 08/02/2017 02:16 PM, Al Beano wrote:
> Why does it matter? Spamhaus can make as many lists as they want, OpenNIC 
> doesn't answer to them.
>
> If they're going to do this, I think it's best to concede that you can't run 
> DNS and mail on a single server — I'd rather that than be bullied by Spamhaus.