discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
- From: Verax <verax AT 8chan.co>
- To: discuss AT lists.opennicproject.org
- Subject: Re: [opennic-discuss] letit2 [.] bit blacklist
- Date: Fri, 25 Aug 2017 00:35:02 -0400
Just a small point of contention. For a blocked entry you should return
0.0.0.0 (or ::), which is canonically an invalid IP, rather than
127.0.0.1 which is a valid IP address.
--Verax
On 08/24/2017 06:23 PM, Jonah Aragon wrote:
> Personally, I think they should be available without registration. It's
> trivial to just make an account if you're a malicious actor, and I doubt
> you'd be able to tell the difference between someone requesting it
> legitimately for their DNS server vs someone requesting it for the
> purposes you mentioned.
>
> On the other hand of that spectrum you could maybe only make it
> available to members that operate public servers, if you're that
> concerned about security of the information. But that would kill
> transparency for most other users here and I don't think that's a great
> idea.
>
> Either way, I think you should add a text input for both the
> whitelisting and blacklisting options similar to the logging "policy"
> box where operators can enter information on what white/blacklists
> they've implemented (or just link to the lists they use) that could
> appear when you hover over the respective buttons on the main page like
> how logging functions now. That way users will be able to see exactly
> who/what is blocked without having to enter the servers page, and may
> clear up some confusion about what exactly whitelisting/blacklisting
> even is, which I know we get a lot of questions about on the IRC channel.
>
> Jonah
>
> On Thu, Aug 24, 2017, 5:11 PM Jeff Taylor <shdwdrgn AT sourpuss.net
> <mailto:shdwdrgn AT sourpuss.net>> wrote:
>
> We should actually consider that. Currently it requires a valid
> login to view the blacklist data that opennic members are using...
>
> Requiring authentication to read the data doesn't inhibit access --
> you can still write a simple script to retrieve the data. This does
> prevent random unknown access to the information. My concern with
> making the data fully public is that someone writes a bot which
> changes domains as rapidly as we post new blacklist entries.
> Perhaps there is a minimal chance of this happening, but it
> *could*. Or the data could be used for some other nefarious reason.
>
> Is there any beneficial reason to make the data available without a
> login? The only thing I can think of off hand is that regular users
> may wish to see what is being blocked, but this is what should be
> discussed. There may be many pros and cons to requiring
> authentication to access the data, so we should decide which way we
> want to go with it.
>
>
> There are other options as well. For example, I want to add new code
> to the servers page so that each admin can mark exactly which
> blacklists they are applying to their DNS server. This allows
> visitors to quickly see if someone is using a spamhaus list or some
> other data, however it opens up another possibility. The servers
> page already allows logins, so if an admin marks that they are using
> certain blacklists, I could also make the servers page show the
> contents of those blacklists AFTER a user has logged in. That way
> all of the server information is still in one place and we still
> have authentication for viewing the data.
>
>
>
> On 08/24/2017 04:30 AM, Wil wrote:
>> You did tell about this. And after some consideration, that’s
>> exactly what I did. At least to remain in line with my ISP (OVH).
>>
>>> spamhaus is providing us with information on the .bit domains
>>> they consider 'bad'
>>
>> In fact, i was wondering if those informations were public somehow ?
>>
>> Thanks again for your time.
>>
>> Wil.
>>
>
>
> --------
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing
> discuss-unsubscribe AT lists.opennicproject.org
> <mailto:discuss-unsubscribe AT lists.opennicproject.org>
>
>
>
>
>
> --------
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org
>
Attachment:
signature.asc
Description: OpenPGP digital signature
- Re: [opennic-discuss] letit2 [.] bit blacklist, (continued)
- Re: [opennic-discuss] letit2 [.] bit blacklist, Jeff Taylor, 08/02/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Calum McAlinden, 08/02/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Verax, 08/03/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Jeff Taylor, 08/03/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Verax, 08/03/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Calum McAlinden, 08/02/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, opennic, 08/23/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Jeff Taylor, 08/24/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Jeff Taylor, 08/24/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Wil, 08/24/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Jeff Taylor, 08/24/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Jonah Aragon, 08/24/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Verax, 08/25/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Jonah Aragon, 08/24/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Jeff Taylor, 08/24/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Wil, 08/24/2017
- Re: [opennic-discuss] letit2 [.] bit blacklist, Jeff Taylor, 08/02/2017
Archive powered by MHonArc 2.6.19.