On 10/17/2013 08:08 PM, Kai Schaetzl wrote:
Axb wrote on Thu, 17 Oct 2013 17:05:48 +0200:
15 live SBL listings aren't collateral damage:
It doesn't matter if there is more evidence. The scoring via URIBL_SBL would
have happened no matter whether the other 14 exist or not.
It doesn't get the nameserver, it gets the NS IP
What's the difference?
I would think it's got to do:
- has hostname
- get nameservers for hostname/zone
- get IP addresses
not?
since SA 3.3.x you also query a list of NS names as in URIBL's extra
data sets:
http://www.uribl.com/datasets.shtml
black_ns.txt
Before SA 3.3, you could only query for a NS's IP.
Don't know of any public URI list which provides a *public* list of this
type, but I know of a number of privately run ones.
This rule has been around for +5 years and all of sudden, when it gets
good teeth ppl are suprised?
Surprised by my naivety, for instance ;-) I would not have thought it looks up
nameservers, although I may have read it about 5 years ago. (I've been using
SA much longer than 5 years.)
SA offers a huge wealth of features to make our lives easier -
following the develpment list /SVN commits is a good way of goind deeper.
I think it's good that these issues come up, as people can make up their mind,
changes can be done or rules disabled or they just continue using and adjust
their scores ...
Most don't need or want to wade into the code so SA devs have always
trie to deliver a working set for most, but there's a lot to more to
discover under the hood.
