Peter Saint-Andre wrote:
> How is your DNSBL built?

Currently it is built manually, no reporting yet. It is located on dnsbl.jabber.ru and is maintained according to the DNSxL I-D.

> What are the inputs?

The input currently is server DNS names (i.e. only s2s so far). The format is described in the DNSxL I-D: http://tools.ietf.org/html/draft-irtf-asrg-dnsbl-08#section-3

> How does the operator of an XMPP service find out if their domain or IP address is listed? Do you return a particular stream error to entities that are on the DNSBL?

Those are not yet implemented. It's on my TODO list.

> How does a service remove itself from the list? Where is the list maintained and by whom?

There is no such functionality yet. Please understand, we ran it as a testing service only for our purposes. However, everyone is able to maintain his own list. There is also software available for that purpose (rbldnsd for example). By the way, there is an I-D available which discusses guidelines for the management of public DNSBLs by their operators - http://tools.ietf.org/html/draft-irtf-asrg-bcp-blacklists-05

> How does someone access the list?

Everybody can access it via a DNS client ;)

> What if the machine on which the DNSBL is located gets hacked? Does this introduce a single point of failure or attack for the XMPP network?

If you have only one DNSBL configured in your service then, yes, you are in trouble. However, typically, you should have multiple DNSBLs configured (and even weighted and ranged) to get rid of that kind of bottleneck.

> Personally I would prefer a decentralized technology like XEP-0268 to a
> centralized DNSBL.

I read the XEP and didn't find where it is more decentralized than DNSBLs. Also, as I understand, the XEP only describes reporting techniques.

--
Regards,
Evgeniy Khramtsov, ProcessOne.
xmpp:[email protected].
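
Added example, not part of the original message and not ProcessOne's code: a sketch of the name-based DNSxL lookup and the "multiple, weighted DNSBLs" setup discussed above, applied to a remote s2s domain. The two `.example` zones, the weights, the threshold, the function names and the sample records are assumptions; the resolver is an offline stand-in fed with constructed data.

```python
import ipaddress

# Zone -> weight. dnsbl.jabber.ru is the list named in the message; the two
# .example zones, the weights and the threshold are assumptions for illustration.
DNSBLS = {"dnsbl.jabber.ru": 2, "bl-one.example": 1, "bl-two.example": 1}
REJECT_AT = 3  # chosen so that no single list's weight reaches it alone
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSxL "listed" answers


def query_name(domain, zone):
    """Name-based DNSxL query: the checked domain is prepended to the list zone."""
    return f"{domain.rstrip('.').lower()}.{zone}"


def evaluate(domain, resolve, lists=DNSBLS, reject_at=REJECT_AT):
    """Return (reject, score, unavailable_zones) for a remote s2s domain.

    resolve(name) returns a list of A-record strings, [] for NXDOMAIN,
    and raises OSError on timeout or server failure.
    """
    score, unavailable = 0, []
    for zone, weight in lists.items():
        try:
            answers = resolve(query_name(domain, zone))
        except OSError:
            unavailable.append(zone)  # an unreachable list adds nothing (fail open)
            continue
        # Count the list only if an answer falls in 127.0.0.0/8; any other
        # address (for example a wildcard on a lapsed zone) is ignored.
        if any(ipaddress.ip_address(a) in LISTED_NET for a in answers):
            score += weight
    return score >= reject_at, score, unavailable


def make_fake_resolver(records, down=()):
    """Offline stand-in for a DNS client, fed with constructed records."""
    def resolve(name):
        if any(name.endswith("." + z) for z in down):
            raise OSError("timeout")
        return records.get(name, [])
    return resolve


# Constructed sample data: spam.example on two lists, good.example on one.
SAMPLE = {
    "spam.example.dnsbl.jabber.ru": ["127.0.0.2"],
    "spam.example.bl-one.example": ["127.0.0.2"],
    "good.example.bl-two.example": ["127.0.0.2"],
}

if __name__ == "__main__":
    for d in ("spam.example", "good.example"):
        print(d, evaluate(d, make_fake_resolver(SAMPLE)))
```

With these weights a single list that is compromised or misbehaving cannot block a domain by itself, and a list that stops answering is reported in `unavailable_zones` rather than silently counted as a clean result.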
