dns-operations AT lists.opennicproject.org

Subject: Dns-operations mailing list

List archive

Re: [opennic-dns-operations] Blacklisting to go with our whitelisting

From: Amunak <amunak AT amunak.net>
To: dns-operations AT lists.opennicproject.org
Subject: Re: [opennic-dns-operations] Blacklisting to go with our whitelisting
Date: Tue, 22 Jul 2014 21:55:30 +0200

Could you perhaps provide a nested list with all the whitelists and blacklist merged to one acl in the API? I't just a minor convenience thing; we wouldn't have to do it ourselves. And whoever wants have full control and use only white/blacklist can still do that.

[2014-07-22 21:18+0200] Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:

Even if you don't use whitelisting, you may still benefit from blacklisting. To obtain the ACL file (BIND only), please see the wget example when you log in to the members page (if you are not currently listed as a T2 operator in LDAP you will not see the information -- again, just contact me off-list). The file will contain an entry for opennic_blacklist. If you are using both white and black listing, you will want to specify something like
{ !opennic_blacklist; opennic_whitelist; }
for your recursion and query allows... Deny the blacklist entries first before allowing the whitelist entries. Use similar logic for any other rules your setup may have.

[opennic-dns-operations] Blacklisting to go with our whitelisting, Jeff Taylor, 07/22/2014
- Re: [opennic-dns-operations] Blacklisting to go with our whitelisting, Amunak, 07/22/2014
  - Re: [opennic-dns-operations] Blacklisting to go with our whitelisting, Jeff Taylor, 07/22/2014
    - Re: [opennic-dns-operations] Blacklisting to go with our whitelisting, Amunak, 07/23/2014