
dns-operations - Re: [opennic-dns-operations] Blacklisting to go with our whitelisting

dns-operations AT lists.opennicproject.org

Subject: Dns-operations mailing list

  • From: Jeff Taylor <shdwdrgn AT sourpuss.net>
  • To: dns-operations AT lists.opennicproject.org
  • Subject: Re: [opennic-dns-operations] Blacklisting to go with our whitelisting
  • Date: Tue, 22 Jul 2014 15:56:34 -0600

I'm not sure how that would work... if you have all the whitelist and blacklist IPs listed in the same ACL, how would you know which ones were supposed to be blocked and which were allowed?

On 07/22/2014 01:55 PM, Amunak wrote:
 Could you perhaps provide a nested list with all the whitelists and blacklist merged into one ACL in the API? It's just a minor convenience thing; we wouldn't have to do it ourselves. And whoever wants to have full control and use only white/blacklist can still do that.

[2014-07-22 21:18+0200] Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:

Even if you don't use whitelisting, you may still benefit from blacklisting.  To obtain the ACL file (BIND only), please see the wget example when you log in to the members page (if you are not currently listed as a T2 operator in LDAP you will not see the information -- again, just contact me off-list).  The file will contain an entry for opennic_blacklist.  If you are using both white and black listing, you will want to specify something like
{ !opennic_blacklist; opennic_whitelist; }
for your recursion and query allows... Deny the blacklist entries first before allowing the whitelist entries.  Use similar logic for any other rules your setup may have.
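
The ordering advice in the quoted message, as an added example that is not part of the thread or of OpenNIC's tooling: a small Python model of how BIND evaluates an address match list (elements are tried in order, the first one that matches decides, `!` turns a match into a deny, and no match is a deny). The prefixes are constructed documentation ranges, and the model assumes both named ACLs are flat lists of prefixes.

```python
import ipaddress

# Constructed sample ACL contents (documentation address ranges), standing in
# for the opennic_whitelist / opennic_blacklist entries of the downloaded file.
ACLS = {
    "opennic_whitelist": ["192.0.2.0/24", "198.51.100.0/24"],
    "opennic_blacklist": ["192.0.2.66/32", "203.0.113.0/24"],
}


def in_acl(addr, name, acls=ACLS):
    """True if addr falls inside any prefix of the named (flat) ACL."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in acls[name])


def evaluate(match_list, addr, acls=ACLS):
    """Model of first-match evaluation of an address match list.

    match_list is a list of ACL names, each optionally prefixed with "!".
    The first element containing addr decides: a plain element allows,
    a negated one denies. If nothing matches, the client is denied.
    """
    for element in match_list:
        negated = element.startswith("!")
        name = element.lstrip("!").strip()
        if in_acl(addr, name, acls):
            return "deny" if negated else "allow"
    return "deny"


def parse(text):
    """Turn '{ !a; b; }' into ['!a', 'b']."""
    return [e.strip() for e in text.strip("{} \n").split(";") if e.strip()]


RECOMMENDED = parse("{ !opennic_blacklist; opennic_whitelist; }")
REVERSED = parse("{ opennic_whitelist; !opennic_blacklist; }")

if __name__ == "__main__":
    # 192.0.2.66 sits inside a whitelisted /24 but is also blacklisted.
    for client in ("192.0.2.10", "192.0.2.66", "203.0.113.5", "10.1.2.3"):
        print(f"{client:<14} recommended={evaluate(RECOMMENDED, client):<6}"
              f" reversed={evaluate(REVERSED, client)}")
```

With the whitelist listed first, the blacklisted host inside a whitelisted range is allowed, because evaluation stops at the whitelist match and never reaches the negated entry.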

