On 10/02/2014 11:50 PM, Philip Prindeville wrote:
On Oct 2, 2014, at 1:42 PM, Axb <axb.li...@gmail.com> wrote:
On 10/02/2014 08:50 PM, Philip Prindeville wrote:
The issue we’ve been having with Blacklotus (self-appointed
champions of everyone’s right to be on the internet, no matter
how shady, is the impression I got from speaking to their sales
department a while ago) has one commonality.
All of the domains that resolve to 192.3.186.4 are registered to
registrar-servers.com.
How do I go about blocking based on the NS records for a given
domain having NS records with an RHS of
dns\d+\.registrar-servers\.com ?
Also noticed that all of the A records for these DNS servers
point to… anyone want to guess? … Blacklotus?
What upstandingly egalitarian folks that want to give an
internet soapbox to even the most shady amongst us! How
horribly misunderstood they must be for this veiled virtue!
192.3.186.4 is Colocrossing, not BlackLotus
Sorry, typo: 192.31.186.4
put these CIDRs in an rbldnsd [1] zone
Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET-162-254-240-0-1) 162.254.240.0 - 162.254.243.255
Black Lotus Communications NET-208-64-120-0-1 (NET-208-64-120-0-1) 208.64.120.0 - 208.64.127.255
Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET-192-184-8-0-1) 192.184.8.0 - 192.184.15.255
Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET-199-59-160-0-1) 199.59.160.0 - 199.59.167.255
Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET6-2604-8300-1) 2604:8300:: - 2604:8300:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
Black Lotus Communications BLACK-LOTUS-COMMUNICATIONS (NET-192-31-184-0-1) 192.31.184.0 - 192.31.187.255
Black Lotus Communications (AS32421) BLCC 32421
for example
uriarec.example.net:ip4set:blacka.rbldnsd
then use a SA rule
uridnssub YOUR_A_REC_BL uriarec.example.net. A 127.0.0.2
body      YOUR_A_REC_BL eval:check_uridnsbl('YOUR_A_REC_BL')
describe  YOUR_A_REC_BL URL domain listed in YOUR A REC BL
tflags    YOUR_A_REC_BL net a
score     YOUR_A_REC_BL 3.0
bingo... any domain's A rec hosted on Black Lotus IP will get the
rule's score...
[1] http://www.corpit.ru/mjt/rbldnsd.html
if you need help in setting up rbldnsd, just yell.
Was hoping to avoid having to run rbldnsd… hence the query for a
plugin way around this.
What's wrong with running rbldnsd? It's the tool all BLs use for
mirroring BL data. It's so stable and simple to use nothing can beat it,
not even a SA plugin. Speed is amazing and memory usage is optimized for
the job. You can load full SURBL/Spamhaus/URIBL/Invaluement mirrors and
only use 350MB RAM (atm, Spamhaus' XBL list is a 146 MB zone file).
A little VM or old PC with 512MB RAM and a minimal OS is all you need to run it.
I bet you could even run it on some little ARM, RasPi-like toy.
If you run a Redhat clone, there's rpms available, there's Debian and
*BSD packages floating around as well.
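
Added example, not part of the original thread or of rbldnsd: the whois output quoted above gives start - end ranges rather than CIDRs, so this sketch converts them and renders an ip4set data file for the blacka.rbldnsd zone named in the thread. The function names, the TXT text and the 127.0.0.2 default line are assumptions chosen to match the uridnssub rule; the IPv6 range is reported separately because ip4set holds IPv4 only.

```python
import ipaddress
import re

# Ranges copied from the whois output quoted in the thread.
WHOIS_RANGES = """\
162.254.240.0 - 162.254.243.255
208.64.120.0 - 208.64.127.255
192.184.8.0 - 192.184.15.255
199.59.160.0 - 199.59.167.255
2604:8300:: - 2604:8300:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
192.31.184.0 - 192.31.187.255
"""

RANGE_RE = re.compile(r"^\s*(\S+)\s+-\s+(\S+)\s*$")


def ranges_to_cidrs(text):
    """Return (ipv4_networks, ipv6_networks) covering every 'start - end' line."""
    v4, v6 = [], []
    for line in text.splitlines():
        m = RANGE_RE.match(line)
        if not m:
            continue  # ignore anything that is not a range line
        start, end = (ipaddress.ip_address(x) for x in m.groups())
        nets = ipaddress.summarize_address_range(start, end)
        (v4 if start.version == 4 else v6).extend(nets)
    return sorted(v4), sorted(v6)


def ip4set_zone(v4_nets, value="127.0.0.2", text="A record in listed netblock"):
    """Render ip4set data: a default A/TXT line, then one CIDR per line."""
    lines = [f":{value}:{text}"] + [str(n) for n in v4_nets]
    return "\n".join(lines) + "\n"


def is_listed(addr, nets):
    """Local check of what the zone should answer for a resolved A record."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets if n.version == ip.version)


if __name__ == "__main__":
    v4, v6 = ranges_to_cidrs(WHOIS_RANGES)
    print(ip4set_zone(v4), end="")
    print("# IPv6, not representable in ip4set:", ", ".join(map(str, v6)))
```

Running is_listed() over the two addresses mentioned in the thread is a quick sanity check before loading the file: 192.31.186.4 falls inside the listed ranges, while the mistyped 192.3.186.4 does not.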