On 26/09/24 01:20, Matus UHLAR - fantomas wrote:
Root Cause Analysis (in order):
1) DNSWL does not provide blocked codes. That deviates from most
DNS-query based systems.
On 24.09.24 20:43, Matthias Leisi wrote:
This is wrong.
I have checked with 1.1.1.1, where queries only return 127.0.10.3
It would help SA (and perhaps also DNSWL) if DNSWL would return
127.0.0.255 in addition to 127.0.10.3
- there is already a rule to suspend
header RCVD_IN_DNSWL_BLOCKED eval:check_rbl_sub('dnswl-firsttrusted', '^127\.0\.\d+\.255$')
dns_block_rule RCVD_IN_DNSWL_BLOCKED list.dnswl.org
I'm not very proficient at SA rules so I won't attempt to write one for
this, but perhaps this would help:
$ dig amiblocked.dnswl.org txt @1.1.1.1 +short
"You are blocked from using list.dnswl.org through public nameservers"
"yes"
$ dig amiblocked.dnswl.org txt @127.0.0.1 +short
"no"
It looks like the above test is definitive and works regardless of what
other codes might be returned.
Peter
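
Added example, not part of the thread or of SpamAssassin/DNSWL: shell functions that interpret the amiblocked.dnswl.org TXT answer shown above and compare a list.dnswl.org A answer against the sub-test pattern from RCVD_IN_DNSWL_BLOCKED. The function names and the state labels are hypothetical; the answers mentioned in the comments are the ones quoted in the thread.

```shell
#!/bin/sh
# Interpret `dig amiblocked.dnswl.org txt +short` output read from stdin.
# Returns 0 = blocked ("yes"), 1 = not blocked ("no"), 2 = no usable answer.
amiblocked_verdict() {
    verdict=2
    while IFS= read -r line; do
        # dig +short wraps each TXT string in double quotes
        line=${line#\"}; line=${line%\"}
        case $line in
            yes) return 0 ;;      # an explicit "yes" decides the result
            no)  verdict=1 ;;
        esac
    done
    return "$verdict"
}

# Does one A answer match the pattern used by RCVD_IN_DNSWL_BLOCKED
# ('^127\.0\.\d+\.255$')? Returns 0 on match, 1 otherwise.
matches_blocked_code() {
    printf '%s\n' "$1" | grep -Eq '^127\.0\.[0-9]+\.255$'
}

# Combine both signals and print one word.
#   $1 = A answer(s) for a list.dnswl.org lookup, space separated
#   $2 = TXT output for amiblocked.dnswl.org via the same resolver
dnswl_resolver_state() {
    rc=0
    printf '%s\n' "$2" | amiblocked_verdict || rc=$?
    case $rc in
        0)  for a in $1; do
                if matches_blocked_code "$a"; then
                    echo blocked-signalled      # the existing rule would fire
                    return 0
                fi
            done
            # e.g. only 127.0.10.3 comes back, as reported for 1.1.1.1
            echo blocked-unsignalled ;;
        1)  echo not-blocked ;;
        *)  echo unknown ;;
    esac
}

# Live check of one resolver (needs network access and dig).
# Usage: dnswl_check_resolver 127.0.0.1 && echo "this resolver is blocked"
dnswl_check_resolver() {
    dig amiblocked.dnswl.org txt "@$1" +short | amiblocked_verdict
}
```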