Michael Wise wrote:
>
> Back In The Day, there was a BCP for shutting down a DNSBL that
> included running a daily check of the IP 127.0.0.1 (which should never
> hit), IIRC, as well as 127.0.0.2 (which should always return a hit);
> and if my memory serves, if either criteria was different (both listed
> or neither listed), the DNSBL should be flagged as not to be trusted.
>
127.0.0.2 should always be listed (for an IP based DNSbl).

127.0.0.1 does *not* mean the DNSbl should not be trusted - there was a lot of discussion on this, I don't recall if it was ever definitively answered, if I recall I suggested 0.0.0.0/32 and 255.255.255.255/32 as alternative "you should never list these" addresses... 127.0.0.1 is valid as a list address as a not list address (think a DNSbl giving RFC1912 addresses... one would think one wouldn't need it, but I can think of where I (and others) have used it quite deliberately.)

I think there was general agreement that if you queried 127.0.0.2 and got any A record with an address not in 127.0.0.0/8 you should immediately disable the DNSBl (automatically if possible).

Personally when evaluating odd DNSbl results I look for 127.0.0.2 as a 'is it working guide'; if I get NXDOMAIN I look for 127.0.0.1, and then if I get a positive result for 127.0.0.1 I would immediately remove it from the config as a 'this has shut down or is seriously errored'; similarly if I receive any A record that is not 127.0.0.0/8 from *any* query.

>
> This is from memory, I remember a discussion … a decade or so ago?
>

And yes it was almost a decade ago... ;-)

Michelle

--
Michelle Sullivan
http://www.mhix.org/

_______________________________________________
mailop mailing list
[email protected]
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
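
The self-test described in this message, written out as an added example (not code from the post or from any DNSBL operator). The zone `dnsbl.example`, the function names and the verdict labels are assumptions, as is the `unconfirmed` verdict for the case the message does not cover (both test addresses unlisted).

```python
import ipaddress
import socket

# DNSBL answers are expected to stay inside this range.
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def query_name(ip, zone):
    """Build the DNSBL query name: reversed octets prepended to the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def lookup(ip, zone):
    """Return the A records for ip in zone; an empty list means not listed.

    Caveat: any resolver failure (timeout, SERVFAIL) is also reported as an
    empty list here, so repeat a failed check before acting on it.
    """
    try:
        return socket.gethostbyname_ex(query_name(ip, zone))[2]
    except (socket.gaierror, socket.herror):
        return []


def assess(answers):
    """Classify a DNSBL from its test-address answers.

    answers maps each queried IP to the list of A records returned for it.
    """
    # An A record outside 127.0.0.0/8 from *any* query: disable immediately.
    for records in answers.values():
        for rec in records:
            if ipaddress.ip_address(rec) not in LOOPBACK_NET:
                return "disable"
    # 127.0.0.2 listed is the "is it working" signal; a 127.0.0.1 listing
    # on its own is not treated as a fault.
    if answers.get("127.0.0.2"):
        return "working"
    # 127.0.0.2 is NXDOMAIN but 127.0.0.1 is listed: shut down or broken.
    if answers.get("127.0.0.1"):
        return "remove"
    # Assumption: the message gives no verdict when neither is listed.
    return "unconfirmed"


def check_zone(zone):
    """Run the live check against a zone (performs DNS lookups)."""
    return assess({ip: lookup(ip, zone) for ip in ("127.0.0.2", "127.0.0.1")})
```

`check_zone("dnsbl.example")` performs the two lookups against a real zone; `assess` can be fed answers collected by any other resolver.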
