Ooh, battle of the RFCs, both of whose authors are on this list ;-)

RFC 6471

1.2.  Guidance for DNSBL Users

This section is more generally about understanding the DNSBLs you use and using them properly, including this (where the subject at hand can be considered part of the "practise"). IOW: *know* the DNSBL you're using so that you can use it properly:


   It is the responsibility of the system administrators who adopt one
   or more DNSBLs to evaluate, understand, and make a determination of
   which DNSBLs are appropriate for the sites they administer.  If you
   are going to allow a third party's information to guide your
   filtering decision-making process, you MUST understand the policies
   and practices of those third parties because responsibility for
   filter decisions remains ultimately with you, the postmaster.


3.3: If this indicator is missing (query of 127.0.0.2 returns NXDOMAIN),
   or any query returns an A record outside of 127.0.0.0/8, the DNSBL
   should be considered non-functional.

One also could keep in context with the sections you quoted, the SHOULD in 2.3 be within 127/8 before the MUST in 6 - is that within 127/8 or thru 0/0?

If you got caught by spamcop returning random A records outside of 127/8 treated as positive (or indeed, any of the published return values), you need a better DNSBL client/configure it properly.

On 2021-02-02 05:28, Jaroslaw Rafa via mailop wrote:
> On 1.02.2021 at 23:54:47, Chris via mailop wrote:
>> As per the RFCs, DNSBLs should only be returning 127/8 values,
>> anything else must be considered an error by the filter and ignored
>> instead of being a listing.
>
> Not quite so:
>
> https://tools.ietf.org/html/rfc5782
> (DNS Blacklists and Whitelists)
>
> 2.1.  IP Address DNSxL
> The A record contents conventionally have the
>     value 127.0.0.2, but MAY have other values as described below in
>     Section 2.3.
>
> 2.3.  Combined IP Address DNSxL
> There is no widely used convention for mapping sublist names to bits
>     or values, beyond the convention that all A values SHOULD be in the
>     127.0.0.0/8 range to prevent unwanted network traffic if the value is
>     erroneously used as an IP address.
>
> 6.  Typical Usage of DNSBLs and DNSWLs
> A client MUST interpret any returned A record as meaning that an
>     address or domain is listed in a DNSxL
>
> Please look at the last point - "A client MUST interpret any returned A
> record as meaning that an address or domain is listed in a DNSxL". That's
> actually the opposite of what you wrote above.


_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
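
The RFC 6471 section 3.3 rule quoted in this message, written out as an added Python example (not part of the original e-mail and not taken from any DNSBL client): a zone counts as functional only if its 127.0.0.2 test point is listed, and an A record outside 127.0.0.0/8 is an error rather than a hit. The zone name `dnsbl.example`, the sample addresses and the injected `healthy`/`parked`/`dead` resolvers are constructed so the code runs without DNS.

```python
import ipaddress
from typing import Callable, Optional, Sequence

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# A resolver returns the A records for a name, or None on NXDOMAIN.
Resolver = Callable[[str], Optional[Sequence[str]]]

def query_name(ip: str, zone: str) -> str:
    """IPv4 DNSBL lookup name: reversed octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(answers: Optional[Sequence[str]]) -> str:
    """Map one lookup result to 'not-listed', 'listed' or 'error'."""
    if not answers:                       # NXDOMAIN or empty answer
        return "not-listed"
    addrs = [ipaddress.ip_address(a) for a in answers]
    if any(a not in LOOPBACK for a in addrs):
        return "error"                    # outside 127/8: never a listing
    return "listed"

def zone_functional(zone: str, resolve: Resolver) -> bool:
    """Test-point check: 127.0.0.2 must come back as a 127/8 listing."""
    return classify(resolve(query_name("127.0.0.2", zone))) == "listed"

def check(ip: str, zone: str, resolve: Resolver) -> str:
    """Look up ip; a non-functional zone yields 'error', never a hit.
    A production client would cache the test-point result."""
    if not zone_functional(zone, resolve):
        return "error"
    return classify(resolve(query_name(ip, zone)))

# Constructed resolvers standing in for DNS (no network access).
HEALTHY = {"2.0.0.127.dnsbl.example": ["127.0.0.2"],
           "7.113.0.203.dnsbl.example": ["127.0.0.4"]}
def healthy(name): return HEALTHY.get(name)
def parked(name): return ["192.0.2.55"]   # wildcard answer outside 127/8
def dead(name): return None               # zone gone: everything NXDOMAIN

if __name__ == "__main__":
    for label, r in (("healthy", healthy), ("parked", parked), ("dead", dead)):
        print(label, check("203.0.113.7", "dnsbl.example", r))
```

A filter should treat `error` as "no data from this list" and alert the operator, so that a parked or wildcarded zone does not reject all mail.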
