On Thu, 26 Sep 2024, Matus UHLAR - fantomas wrote:
On 26.09.24 18:11, Peter wrote:
I'm not very proficient at SA rules so I won't attempt to write one for
this, but perhaps this would help:
$ dig amiblocked.dnswl.org txt @1.1.1.1 +short
"You are blocked from using list.dnswl.org through public nameservers"
"yes"
$ dig amiblocked.dnswl.org txt @127.0.0.1 +short
"no"
It looks like the above test is definitive and works regardless of what
other codes might be returned.
% dig amiblocked.dnswl.org txt @1.1.1.1
amiblocked.dnswl.org. 300 IN TXT "no"
however this needs one more DNS lookup, which is the opposite of what we
need.
If this were reliable, it could be used by system installers
to set the initial configuration to something appropriate for
the existing local DNS setup.
BTW today I get different results for open resolvers - 1.1.1.1 and 9.9.9.9
return 127.0.6.2, 8.8.8.8 returns nothing (was 127.0.10.3 a while ago).
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
