>> Back In The Day, there was a BCP for shutting down a DNSBL that included
>> running a daily check of the IP 127.0.0.1 (which should never hit), IIRC,
>> as well as 127.0.0.2 (which should always return a hit); and if my memory
>> serves, if either criteria was different (both listed or neither listed),
>> the DNSBL should be flagged as not to be trusted.

RFC 5782 says that a live DNSxL does list 127.0.0.2 to show that it's
alive, and does not list 127.0.0.1 to show that it's not wildcarded.
We published that in 2010 but it was in draft form for quite a while
before that.  For IPv6 BLs, you list ::ffff:127.0.0.2 and don't list
::ffff:127.0.0.1.  For name BLs, you list TEST and don't list INVALID.

>IIRC it's explicitly called out as something you can do in Chris and Matt's 
>DNSBL RFC.

That's RFC 6471.  It suggests you shut down a DNSBL by delegating it
to non-existent name servers in test network 192.0.2.0/24.

>I don't know of anyone who implemented it.

Implemented what?  I have a script that runs once a week to test all
the BLs I use for 127.0.0.2 and 127.0.0.1.  It comments out any that
fail and sends me a note.  I think I've caught one or two abandoned
ones from my list that way.

R's,
John
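
The RFC 5782 test entries described above can be turned into a periodic health check. The following is an added example, not the script mentioned in the message; the function names, the one-zone-per-line config format ("zone [kind]") and the example zones are assumptions made for illustration.

```python
import ipaddress
import socket

def probe_names(zone, kind="ipv4"):
    """Return (must_be_listed, must_not_be_listed) query names for a zone."""
    if kind == "ipv4":
        return f"2.0.0.127.{zone}", f"1.0.0.127.{zone}"
    if kind == "ipv6":
        def rev(addr):  # nibble-reversed form of the full 128-bit address
            nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
            return ".".join(reversed(nibbles)) + "." + zone
        return rev("::ffff:127.0.0.2"), rev("::ffff:127.0.0.1")
    if kind == "name":
        return f"TEST.{zone}", f"INVALID.{zone}"
    raise ValueError(f"unknown list kind: {kind}")

def is_listed(name):
    """True if name resolves to an A record; NXDOMAIN, SERVFAIL and
    timeouts (e.g. a zone delegated to dead servers) all count as unlisted."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def check_zone(zone, kind="ipv4", lookup=is_listed):
    """Classify a zone from its two test entries."""
    must_hit, must_miss = probe_names(zone, kind)
    alive, wild = lookup(must_hit), lookup(must_miss)
    if alive and not wild:
        return "ok"
    # A zone that lists the must-miss entry answers for anything.
    return "wildcarded" if alive else "dead"

def disable_failed(lines, lookup=is_listed):
    """Comment out config lines ("zone [kind]") whose zone fails the check."""
    out, failed = [], []
    for line in lines:
        fields = line.split()
        if not fields or line.lstrip().startswith("#"):
            out.append(line)
            continue
        status = check_zone(fields[0], *fields[1:2], lookup=lookup)
        if status == "ok":
            out.append(line)
        else:
            out.append(f"# {line}  # disabled: {status}")
            failed.append((fields[0], status))
    return out, failed
```

Pass a stub `lookup` to exercise the logic offline; with the default resolver, the returned `failed` list is what would go into the notification.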
