
discuss - Re: [opennic-discuss] letit2 [.] bit blacklist

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: Verax <verax AT 8chan.co>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] letit2 [.] bit blacklist
  • Date: Fri, 25 Aug 2017 00:35:02 -0400

Just a small point of contention. For a blocked entry you should return
0.0.0.0 (or ::), which is canonically an invalid IP, rather than
127.0.0.1 which is a valid IP address.

--Verax

On 08/24/2017 06:23 PM, Jonah Aragon wrote:
> Personally, I think they should be available without registration. It's
> trivial to just make an account if you're a malicious actor, and I doubt
> you'd be able to tell the difference between someone requesting it
> legitimately for their DNS server vs someone requesting it for the
> purposes you mentioned.
>
> On the other hand of that spectrum you could maybe only make it
> available to members that operate public servers, if you're that
> concerned about security of the information. But that would kill
> transparency for most other users here and I don't think that's a great
> idea.
>
> Either way, I think you should add a text input for both the
> whitelisting and blacklisting options similar to the logging "policy"
> box where operators can enter information on what white/blacklists
> they've implemented (or just link to the lists they use) that could
> appear when you hover over the respective buttons on the main page like
> how logging functions now. That way users will be able to see exactly
> who/what is blocked without having to enter the servers page, and may
> clear up some confusion about what exactly whitelisting/blacklisting
> even is, which I know we get a lot of questions about on the IRC channel.
>
> Jonah
>
> On Thu, Aug 24, 2017, 5:11 PM Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:
>
> We should actually consider that. Currently it requires a valid
> login to view the blacklist data that opennic members are using...
>
> Requiring authentication to read the data doesn't inhibit access --
> you can still write a simple script to retrieve the data. This does
> prevent random unknown access to the information. My concern with
> making the data fully public is that someone writes a bot which
> changes domains as rapidly as we post new blacklist entries.
> Perhaps there is a minimal chance of this happening, but it
> *could*. Or the data could be used for some other nefarious reason.
>
> Is there any beneficial reason to make the data available without a
> login? The only thing I can think of off hand is that regular users
> may wish to see what is being blocked, but this is what should be
> discussed. There may be many pros and cons to requiring
> authentication to access the data, so we should decide which way we
> want to go with it.
>
>
> There are other options as well. For example, I want to add new code
> to the servers page so that each admin can mark exactly which
> blacklists they are applying to their DNS server. This allows
> visitors to quickly see if someone is using a spamhaus list or some
> other data, however it opens up another possibility. The servers
> page already allows logins, so if an admin marks that they are using
> certain blacklists, I could also make the servers page show the
> contents of those blacklists AFTER a user has logged in. That way
> all of the server information is still in one place and we still
> have authentication for viewing the data.
>
>
>
> On 08/24/2017 04:30 AM, Wil wrote:
>> You did tell about this. And after some consideration, that’s
>> exactly what I did. At least to remain in line with my ISP (OVH).
>>
>>> spamhaus is providing us with information on the .bit domains
>>> they consider 'bad'
>>
>> In fact, I was wondering if that information was public somehow?
>>
>> Thanks again for your time.
>>
>> Wil.
>>
>
>
> --------
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing
> discuss-unsubscribe AT lists.opennicproject.org

Attachment: signature.asc
Description: OpenPGP digital signature
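
Added example, not part of the original message or of any OpenNIC tooling: a small audit that flags blocklist entries answered with something other than 0.0.0.0 or ::, the point raised at the top of this message. The hosts-file layout (`address hostname ...`) and the sample domains are assumptions made for illustration.

```python
import ipaddress

# Constructed sample blocklist in hosts-file format (domains are placeholders).
SAMPLE_BLOCKLIST = """\
# constructed example entries
0.0.0.0      blocked-one.example
::           blocked-two.example
127.0.0.1    blocked-three.example   # loopback: a valid, reachable address
::1          blocked-four.example
192.0.2.10   blocked-five.example    # routable address, not a null answer
not-an-ip    blocked-six.example
"""

def classify_answer(text):
    """Return 'unspecified', 'loopback', 'other' or 'invalid' for an answer address."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return "invalid"
    if addr.is_unspecified:      # 0.0.0.0 or ::
        return "unspecified"
    if addr.is_loopback:         # 127.0.0.0/8 or ::1
        return "loopback"
    return "other"

def audit_blocklist(text):
    """Return (line_number, hostname, address, verdict) for entries not answered with 0.0.0.0 / ::."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                   # address with no hostname
            findings.append((lineno, "", fields[0], "invalid"))
            continue
        address, hostnames = fields[0], fields[1:]
        verdict = classify_answer(address)
        if verdict != "unspecified":
            findings.extend((lineno, h, address, verdict) for h in hostnames)
    return findings

if __name__ == "__main__":
    for lineno, host, address, verdict in audit_blocklist(SAMPLE_BLOCKLIST):
        print(f"line {lineno}: {host} -> {address} ({verdict})")
```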



