Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] letit2 [.] bit blacklist

discuss AT

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] letit2 [.] bit blacklist

Chronological Thread 
  • From: Jeff Taylor <shdwdrgn AT>
  • To: discuss AT
  • Subject: Re: [opennic-discuss] letit2 [.] bit blacklist
  • Date: Wed, 23 Aug 2017 20:49:30 -0600
  • Authentication-results:; dmarc=none
  • Dmarc-filter: OpenDMARC Filter v1.3.0 C42FD2D4CF

I thought I had already sent out this info, but spamhaus is providing us with information on the .bit domains they consider 'bad'.  Obviously whether you choose to use that information is up to you, but at least we do have the data available now to know what they are looking at.  I believe these entries are being updated at least once a day, and entries are removed after 3 days.

First off you need an opennic user account.  Go to and create an account or log in to your existing account.  Look at the bottom of the page and there will be two example lines there.  The important part you want to copy is where it reads ?user=<username>&auth=<authcode>

To view a list of all the domains in the opennic blacklist, you can use the API page:<username>&auth=<authcode>

If you want to generate a file compatible with BIND9, you can ask for a specific category:<username>&auth=<authcode>&cat=spamhaus:sbl

If you need a custom path in the output to match your configuration, you could also add that to the URL:<username>&auth=<authcode>&cat=spamhaus:sbl&path=/var/named


Now what do you do with this information?  Well if you want to blackhole the domain, you can just reply with localhost (  To do this you need a generic zone file and the data returned by the API.  Within the folder where you store your zone files (perhaps using the path you specified to the API), create a file named "db.opennic_filter.spamhaus:sbl" and put in the following contents:

; Blacklisted domains that should be blocked from resolving
$TTL 3600
@                       IN      SOA hostmaster (
                                2017082300 ; serial
                                3600 ; refresh
                                180 ; retry
                                86400 ; expire
                                3600 ; default TTL
                        IN      NS
                        IN      A
*                       IN      A
                        IN      AAAA    ::1
*                       IN      AAAA    ::1

Save the data from the API page in the same location as named.conf, giving it a name such as "named.blacklisted".

And finally, you need to update your named.conf to include the API data page by adding a line such as this:

include "/etc/bind/named.blacklisted";

Now you can restart BIND9 and test that the blackholed domains return to your queries.  Note that the API was written so we can create blacklists under different names, allowing admins to choose which information they wish to use.  The zone file is saved using the name of the blacklist, so you could have different lists give different responses.

Hope that helps.

On 08/23/2017 07:17 AM, opennic AT wrote:

I just wanted to know if @Jeff Taylor had heard about SpamHaus and a way to
manage the so called .bit domains problem ?

After some discussion with OVH abuse service, it looks like they might keep on
suspend IPs reported by SpamHaus !

In the list of .bit domains Spamhaus gave in the report
(https://www.spamhaus[.]org/sbl/query/SBL366082), some resolved IP are still
listed, others removed and some just never recorded...

It's a real headache to do this "the right way" and have an up-to-date
domains that should be blocked or removed from a blacklist.
I say should, because, again, I do not see as an obligation to blacklist a
domain, just because SpamHaus asked to.


You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT

Archive powered by MHonArc 2.6.19.

Top of Page