Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] letit2 [.] bit blacklist

discuss AT

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] letit2 [.] bit blacklist

Chronological Thread 
  • From: Verax <verax AT>
  • To: discuss AT
  • Subject: Re: [opennic-discuss] letit2 [.] bit blacklist
  • Date: Fri, 25 Aug 2017 00:35:02 -0400

Just a small point of contention. For a blocked entry you should return (or ::), which is canonically an invalid IP, rather than which is a valid IP address.


On 08/24/2017 06:23 PM, Jonah Aragon wrote:
> Personally, I think they should be available without registration. It's
> trivial to just make an account if you're a malicious actor, and I doubt
> you'd be able to tell the difference between someone requesting it
> legitimately for their DNS server vs someone requesting it for the
> purposes you mentioned.
> On the other hand of that spectrum you could maybe only make it
> available to members that operate public servers, if you're that
> concerned about security of the information. But that would kill
> transparency for most other users here and I don't think that's a great
> idea.
> Either way, I think you should add a text input for both the
> whitelisting and blacklisting options similar to the logging "policy"
> box where operators can enter information on what white/blacklists
> they've implemented (or just link to the lists they use) that could
> appear when you hover over the respective buttons on the main page like
> how logging functions now. That way users will be able to see exactly
> who/what is blocked without having to enter the servers page, and may
> clear up some confusion about what exactly whitelisting/blacklisting
> even is, which I know we get a lot of questions about on the IRC channel.
> Jonah
> On Thu, Aug 24, 2017, 5:11 PM Jeff Taylor <shdwdrgn AT
> <mailto:shdwdrgn AT>> wrote:
> We should actually consider that. Currently it requires a valid
> login to view the blacklist data that opennic members are using...
> Requiring authentication to read the data doesn't inhibit access --
> you can still write a simple script to retrieve the data. This does
> prevent random unknown access to the information. My concern with
> making the data fully public is that someone writes a bot which
> changes domains as rapidly as we post new blacklist entries.
> Perhaps there is a minimal chance of this happening, but it
> *could*. Or the data could be used for some other nefarious reason.
> Is there any beneficial reason to make the data available without a
> login? The only thing I can think of off hand is that regular users
> may wish to see what is being blocked, but this is what should be
> discussed. There may be many pros and cons to requiring
> authentication to access the data, so we should decide which way we
> want to go with it.
> There are other options as well. For example, I want to add new code
> to the servers page so that each admin can mark exactly which
> blacklists they are applying to their DNS server. This allows
> visitors to quickly see if someone is using a spamhaus list or some
> other data, however it opens up another possibility. The servers
> page already allows logins, so if an admin marks that they are using
> certain blacklists, I could also make the servers page show the
> contents of those blacklists AFTER a user has logged in. That way
> all of the server information is still in one place and we still
> have authentication for viewing the data.
> On 08/24/2017 04:30 AM, Wil wrote:
>> You did tell about this. And after some consideration, that’s
>> exactly what I did. At least to remain in line with my ISP (OVH).
>>> spamhaus is providing us with information on the .bit domains
>>> they consider 'bad'
>> In fact, i was wondering if those informations were public somehow ?
>> Thanks again for your time.
>> Wil.
> --------
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing
> discuss-unsubscribe AT
> <mailto:discuss-unsubscribe AT>
> --------
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing discuss-unsubscribe AT

Attachment: signature.asc
Description: OpenPGP digital signature

Archive powered by MHonArc 2.6.19.

Top of Page