
discuss - Re: [opennic-discuss] letit2 [.] bit blacklist

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: Jeff Taylor <shdwdrgn AT sourpuss.net>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] letit2 [.] bit blacklist
  • Date: Wed, 23 Aug 2017 20:49:30 -0600
  • Authentication-results: mx2.computerrehab.us; dmarc=none header.from=sourpuss.net
  • Dmarc-filter: OpenDMARC Filter v1.3.0 mx2.computerrehab.us C42FD2D4CF

I thought I had already sent out this info, but Spamhaus is providing us with information on the .bit domains they consider 'bad'.  Obviously whether you choose to use that information is up to you, but at least we do have the data available now to know what they are looking at.  I believe these entries are being updated at least once a day, and entries are removed after 3 days.

First off, you need an OpenNIC user account.  Go to https://opennic.org/members/ and create an account or log in to your existing account.  Look at the bottom of the page and there will be two example lines there.  The important part you want to copy is where it reads ?user=<username>&auth=<authcode>

To view a list of all the domains in the OpenNIC blacklist, you can use the API page:
https://api.opennicproject.org/acl/filter/?user=<username>&auth=<authcode>

If you want to generate a file compatible with BIND9, you can ask for a specific category:
https://api.opennicproject.org/acl/filter/?user=<username>&auth=<authcode>&cat=spamhaus:sbl

If you need a custom path in the output to match your configuration, you could also add that to the URL:
https://api.opennicproject.org/acl/filter/?user=<username>&auth=<authcode>&cat=spamhaus:sbl&path=/var/named

----------

Now what do you do with this information?  Well, if you want to blackhole the domain, you can just reply with localhost (127.0.0.1).  To do this you need a generic zone file and the data returned by the API.  Within the folder where you store your zone files (perhaps using the path you specified to the API), create a file named "db.opennic_filter.spamhaus:sbl" and put in the following contents:

;
; Blacklisted domains that should be blocked from resolving
;
$TTL 3600
@                       IN      SOA     ns1.example.com. hostmaster (
                                2017082300 ; serial
                                3600 ; refresh
                                180 ; retry
                                86400 ; expire
                                3600 ; default TTL
                                )
                        IN      NS      127.0.0.1
                        IN      A       127.0.0.1
*                       IN      A       127.0.0.1
                        IN      AAAA    ::1
*                       IN      AAAA    ::1


Save the data from the API page in the same location as named.conf, giving it a name such as "named.blacklisted".

And finally, you need to update your named.conf to include the API data page by adding a line such as this:

include "/etc/bind/named.blacklisted";

Now you can restart BIND9 and test that the blackholed domains return 127.0.0.1 to your queries.  Note that the API was written so we can create blacklists under different names, allowing admins to choose which information they wish to use.  The zone file is saved using the name of the blacklist, so you could have different lists give different responses.

Hope that helps.


On 08/23/2017 07:17 AM, opennic AT lesspheres.fr wrote:
Hi,

I just wanted to know if @Jeff Taylor had heard about Spamhaus and a way to
manage the so-called .bit domains problem?

After some discussion with OVH abuse service, it looks like they might keep on
suspending IPs reported by Spamhaus!

In the list of .bit domains Spamhaus gave in the report
(https://www.spamhaus[.]org/sbl/query/SBL366082), some resolved IPs are still
listed, others removed and some just never recorded...

It's a real headache to do this "the right way" and have up-to-date
domains that should be blocked or removed from a blacklist.
I say should, because, again, I do not see it as an obligation to blacklist a
domain, just because Spamhaus asked to.

Thanks,
Wil.
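
The update procedure in Jeff Taylor's message above pulls remote data straight into named.conf, so the following added example (not part of the original post, and not OpenNIC's code) vets the download before BIND ever includes it. It assumes the API emits one zone stanza per line in the form shown in the comment; the function names are hypothetical, and it uses `rndc reload` where the post restarts BIND9.

```shell
#!/bin/sh
# Added example. ASSUMPTION: the API output is one zone stanza per line, e.g.
#   zone "example.bit" { type master; file "/var/named/db.opennic_filter.spamhaus:sbl"; };
# Adjust the expected form if your output differs.

# validate_filter LIST ZONEFILE
# Succeeds only if LIST is non-empty and every line is blank, a comment, or a
# master-zone stanza whose file is exactly ZONEFILE. Any other statement
# (options, include, forwarders, another file path) causes a refusal.
validate_filter() {
    [ -s "$1" ] || return 1                 # empty download: refuse
    awk -v zf="$2" '
        BEGIN { want = "\" { type master; file \"" zf "\"; };" }
        /^[ \t]*$/ || /^[ \t]*(#|\/\/)/ { next }
        {
            # Normalise whitespace so spacing differences do not matter
            gsub(/[ \t]+/, " "); sub(/^ /, ""); sub(/ $/, "")
            rest = substr($0, 7); q = index(rest, "\"")
            name = substr(rest, 1, q - 1)
            if (substr($0, 1, 6) != "zone \"" ||
                name !~ /^[A-Za-z0-9._-]+$/ ||
                substr(rest, q) != want) {
                print "rejected line " NR ": " $0 > "/dev/stderr"
                exit 1
            }
            zones++
        }
        END { if (!zones) exit 1 }          # nothing but comments: refuse
    ' "$1"
}

# update_filter URL ZONEFILE DEST
# Fetch to a temp file beside DEST, validate, syntax-check, then rename into
# place and reload. On any failure the previous list stays untouched.
update_filter() {
    tmp=$(mktemp "$3.XXXXXX") || return 1
    if curl -fsS --max-time 30 -o "$tmp" "$1" &&
       validate_filter "$tmp" "$2" && named-checkconf "$tmp"; then
        chmod 644 "$tmp" && mv "$tmp" "$3" && rndc reload
    else
        rm -f "$tmp"
        return 1
    fi
}
```

Call it from cron as `update_filter '<API URL with &cat=spamhaus:sbl&path=/var/named>' /var/named/db.opennic_filter.spamhaus:sbl /etc/bind/named.blacklisted`, quoting the URL so the shell does not interpret the `&` characters.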


