Jason Haar wrote: > On 12/17/2009 03:30 PM, Marc Perkel wrote: >> Then the third filed is NONE. That's how I do it. But the idea is >> that any kind of daya can be collectively gathered and distributed. >> > Instead of a TCP channel (which means software), what about using DNS? > If the SA clients did RBL lookups that contained the details as part > of the query, then if your end parses DNS logs (I'm thinking djbdns, > don't know about BIND), then you could extract the data yourself.
There is significant chance of queries not making it to Marc's DNS due to caching. /Per Jessen, Zürich
