Ah yes.. have to have the ACLs in place to send empty replies ;)

With our company having run RBLs for well over 10 years, (like many others on this list) we have seen it all, spammers checking for clean IP space, employees at competitors, the 'startups' wanting to seed their data sets (don't they understand and respect the time and effort that went into this?) and even large telcos (yes, you can afford a subscription), not to mention the bad actors that want to disrupt the service for their own evil plans of world domination..

Luckily, mirror nodes are cheap, and many good companies out there are also willing to offer mirrors, and we use our own custom 'rbldnsd' with a custom data distribution method (we should share more of this with others) so our load is a lot lighter, but yes....

Anyone wanting to 'fire up' an RBL will have teething pains :)



On 2019-01-08 3:54 p.m., Bill Cole wrote:
No, the difficult part of running a DNSBL is handling the query load.

I run a private DNSBL whose base zone has only ever appeared in 5xx replies and well over a decade ago on some now-defunct technical discussion lists more obscure than this one and on one web page on my ultra-low-traffic website. It has never provided public service, thanks to BIND views.

A handful of resolving entities attempt hundreds of thousands of queries against that zone most days. They have never received useful responses. Many now receive NO responses, because one IP4 broker (apparently...) has taken to using AWS instances to send scores of thousands of queries regarding a single entirely unrouted /20 in parallel every day between 2100Z and 2110Z. Each IP is queried against the DNSBL from multiple AWS zones all at once. Until I started automatically dropping Amazon /24s into a "no DNS for you" IP set on my external router, my authoritative DNS server was basically useless for 5-10 minutes almost every day. When they ask my secondary because I don't respond, they get no answers and a referral to '.' as the NS for the DNSBL zone.



--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
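
An added example, not part of the original message or either poster's setup: one way to find the /24s that burst queries against a DNSBL zone, as in the quoted description of dropping noisy /24s into a router IP set. The log format, the zone name `dnsbl.example.`, the 60-second window and the threshold of 100 are assumptions, and the sample log is constructed.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

ZONE = "dnsbl.example."  # hypothetical zone name, not from the thread


def parse_line(line):
    """Parse 'timestamp client-ip qname' (a constructed log format)."""
    ts, client, qname = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, ipaddress.ip_address(client), qname.lower()


def noisy_slash24s(lines, zone=ZONE, window=timedelta(seconds=60), threshold=100):
    """Return IPv4 /24s that sent more than `threshold` queries for names under
    `zone` inside any sliding `window`. Lines must be in time order."""
    recent = defaultdict(deque)  # /24 -> query times still inside the window
    flagged = set()
    for line in lines:
        try:
            when, client, qname = parse_line(line)
        except ValueError:
            continue  # skip malformed lines instead of aborting the scan
        if client.version != 4 or not qname.endswith("." + zone):
            continue
        net = ipaddress.ip_network(f"{client}/24", strict=False)
        times = recent[net]
        times.append(when)
        while when - times[0] > window:
            times.popleft()
        if len(times) > threshold:
            flagged.add(net)
    return sorted(flagged)


def sample_log():
    """Constructed sample: one /24 bursting for 30 s, plus light traffic."""
    start = datetime(2019, 1, 8, 21, 0, 0)
    stamp = lambda t: t.strftime("%Y-%m-%dT%H:%M:%SZ")
    lines = ["not a log line"]
    for i in range(300):  # 10 queries per second from 50 hosts in one /24
        t = start + timedelta(seconds=i // 10)
        lines.append(f"{stamp(t)} 198.51.100.{i % 50 + 1} {i % 256}.2.0.192.{ZONE}")
    for i in range(5):    # one ordinary client, one query per minute
        t = start + timedelta(minutes=i)
        lines.append(f"{stamp(t)} 203.0.113.9 {i}.2.0.192.{ZONE}")
    return sorted(lines)  # fixed-width timestamps sort chronologically
```

Counting per /24 rather than per address is what catches a burst spread across many hosts, each of which stays under any per-IP limit.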
