On 24-09-2024 16:10, Matus UHLAR - fantomas wrote:
TL;DR: Rather than using an in-band signal of a special reply value
to queries from blocked users, as do other DNS-Based List operators,
DNSWL.org sends back a "listed high" response to all queries. I was unaware
On 2024-09-24 at 04:18:06 UTC-0400 (Tue, 24 Sep 2024 10:18:06 +0200)
Matthias Leisi <matth...@leisi.net> is rumored to have said:
Not to all queries. It is sent to resolvers who consistently go above
the limits, sometimes for months and years after receiving the
blocked response.
On 24.09.24 09:13, Bill Cole wrote:
I don't see how that's significant. The documented policy is directly
and intentionally harmful to users.
I understand this case as "abusers" instead of users.
Doing that is a legitimate choice by a reputation service, but it's
not one SA can endorse. The fact that it is enforced by whim rather
than mechanically is not a positive factor.
Is there any possibility to detect clients using open DNS, perhaps other
than RCVD_IN_ZEN_BLOCKED_OPENDNS?
Then, block all dnsbl/rhsbl rules?
Adding to ideas:
it might be helpful to have a way to trigger messages to syslog from a
rule. Filling syslog with messages about blocked queries might be a
better incentive/attention-grabber for ignorant/uninformed sysadmins to
resolve DNS-related issues than a non-scoring hit in the message headers.
Kind regards,
Tom
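The two ideas raised in the thread (recognising a "your resolver is blocked / you are using an open resolver" reply as distinct from a real listing, and pushing that fact to syslog rather than leaving it as a non-scoring header hit) can be checked outside SpamAssassin with a small script. The following is an added example written for this post; it is not code from the list thread, from SpamAssassin, or from any DNSBL operator. The return codes in `BLOCKED_CODES` are assumptions taken from the operators' public documentation at the time of writing (Spamhaus ZEN's 127.255.255.x range, DNSWL's 127.0.0.255) and must be re-checked against those documents before relying on them; `sample_resolver` and the replies it serves are constructed test data so the script runs offline.

```python
"""Tell a genuine DNSBL/DNSWL listing apart from a 'resolver blocked' reply
and raise the latter in syslog.  Added example, not from the thread.
Return codes below are assumptions from operator docs; verify before use."""
import ipaddress
import logging
import logging.handlers
import socket

# Assumed operator conventions for "you are blocked" replies (verify!).
BLOCKED_CODES = {
    "zen.spamhaus.org": {
        "127.255.255.252": "malformed query / typing error",
        "127.255.255.254": "query sent via a public or open resolver",
        "127.255.255.255": "query volume limit exceeded",
    },
    "list.dnswl.org": {
        "127.0.0.255": "resolver has been blocked by DNSWL",
    },
}

# 127.0.0.2 is the conventional DNSBL test entry: it is always "listed".
TEST_IP = "127.0.0.2"


def reverse_octets(ip):
    """Turn 127.0.0.2 into 2.0.0.127 for a DNSBL lookup name."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))


def classify_reply(zone, answers):
    """answers: A records returned for <rev-ip>.<zone>, [] for NXDOMAIN.
    Returns (status, detail) with status in blocked/listed/not_listed."""
    blocked = BLOCKED_CODES.get(zone, {})
    for a in answers:
        if a in blocked:
            return "blocked", blocked[a]
    if not answers:
        return "not_listed", ""
    return "listed", ", ".join(answers)


def resolve_a(name):
    """Real resolver: A records via the host's configured resolver."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
        return sorted({info[4][0] for info in infos})
    except socket.gaierror:
        return []


# Constructed sample replies so the example runs without network access.
SAMPLE_REPLIES = {
    "2.0.0.127.zen.spamhaus.org": ["127.255.255.254"],  # open-resolver refusal
    "2.0.0.127.list.dnswl.org": ["127.0.0.255"],        # DNSWL blocked signal
    "2.0.0.127.example.invalid": ["127.0.0.2"],         # ordinary listing
}


def sample_resolver(name):
    return SAMPLE_REPLIES.get(name, [])


def check_zone(zone, ip=TEST_IP, resolver=resolve_a):
    """Look up the test entry in one zone and classify the reply."""
    name = "%s.%s" % (reverse_octets(ip), zone)
    status, detail = classify_reply(zone, resolver(name))
    return {"zone": zone, "query": name, "status": status, "detail": detail}


def make_logger():
    """Prefer the local syslog socket; fall back to stderr if it is absent."""
    log = logging.getLogger("dnsbl-check")
    if not log.handlers:
        try:
            handler = logging.handlers.SysLogHandler(address="/dev/log")
        except (OSError, ValueError):
            handler = logging.StreamHandler()
        handler.setFormatter(logging.Formatter("dnsbl-check: %(message)s"))
        log.addHandler(handler)
        log.setLevel(logging.INFO)
    return log


def report(results, log=None):
    """Emit one syslog line per zone; blocked zones at ERROR severity.
    Returns the list of zones that reported a blocked resolver."""
    log = log or make_logger()
    bad = []
    for r in results:
        if r["status"] == "blocked":
            bad.append(r["zone"])
            log.error("%s: resolver BLOCKED (%s); DNSBL rules for this zone "
                      "are silently useless", r["zone"], r["detail"])
        else:
            log.info("%s: %s %s", r["zone"], r["status"], r["detail"])
    return bad


if __name__ == "__main__":
    # Against the real resolver of this host; expect "listed" for 127.0.0.2
    # on a healthy setup and "blocked" when the operator has cut you off.
    report([check_zone(z) for z in BLOCKED_CODES])
```

Running it from cron on the mail host gives the syslog noise Tom asked for without waiting on a SpamAssassin feature: a blocked zone produces an ERROR line each run, which most log monitoring already surfaces, whereas a healthy zone just logs "listed" for the 127.0.0.2 test entry. The classification deliberately checks for the blocked codes before deciding "listed", since a blocked reply is still a valid A record and would otherwise look like a positive hit.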