Discuss mailing list

[Jeff Taylor <shdwdrgn AT sourpuss.net>]

Regarding blacklists... First off, yes I would definitely be in favor of 
such a system, and in fact we already have the initial framework in 
place.  Remember the whitelist API?  I also set up a blacklist API with 
the same code.  The data resides in LDAP and is part of the ACL list 
generated by another API.

After my experiments with blocking an individual domain in BIND 
yesterday, I believe I could modify the blacklist API to also accept 
domain names. The ACL file would then create separate entries for the 
domain names that would feed into a localhost hole.  Anyone can pick up 
these files and use them however they want, and I could even add 
categories to the entries so that members have even finer control of 
what they block.  As always opennic server operators will be free to 
operate their servers according to their own rules, however I think it 
that considering the problems we've seen it would be useful to at least 
provide the tools to handle the issue for those that want it.


On 08/02/2017 01:02 PM, Calum McAlinden wrote:
> I think that a blacklist preventing these domains from ever being 
> included in the zone would be a good idea. It could be published, 
> produced and reviewed democratically with full transparency. I would 
> be willing to produce some sort of web interface for this.
>
> Would anyone be in favour of such system? I sense that there is a lot 
> of opposition for any blocking of any kind, but it is important to 
> acknowledge that these domains would probably fall foul of OpenNIC 
> policies and be removed if they were OpenNIC TLDs. It would not make 
> OpenNIC any less democratic, and it is not much different to blocking 
> on individual T2s anyway.