I don't think there really needs to be consensus. I've yet to see one
that blocks 127.0.0.1, and they all have some sort of test address
(usually 127.0.0.x).

Given that the worst that happens if this system fails is that SA
stops using the list until sa-update updates the check rule, as long
as the test IPs can be configured on a per-DNSBL basis, there
shouldn't really be a problem.

* DNSBL includes DNSWLs, domain based lists, etc... All we need is a
"this entry should cause a result" and "this entry should not",
whether it's positive or negative, an IP or domain, etc, shouldn't
matter.

You're welcome to give it a whirl to come up with code to do the testing
but doing it on start-up is likely bound to have lots of problems with
servers rebooting that don't have net access yet, etc.

As I put on the bug, I think the best solution will be something that
internally monitors for block rules and if triggered, stops queries to
those BLs for an hour. Then it can try again. Your idea might be
better and I'm having forest for the trees vision.
regards,
KAM
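
Added example, not part of the original thread and not SpamAssassin code: one way to combine the two ideas above, a per-list pair of test entries ("should cause a result" / "should not") with a one-hour suspension when the self-test fails. The names ListCheck, usable and fake_lookup, the zone dnsbl.example and the test entry 127.0.0.2 are assumptions made for illustration; the resolver is injected so the sketch runs offline.

```python
import time
from dataclasses import dataclass

SUSPEND_SECONDS = 3600  # "stops queries to those BLs for an hour"

@dataclass
class ListCheck:
    zone: str        # list zone; "dnsbl.example" below is a placeholder
    must_hit: str    # "this entry should cause a result"
    must_miss: str   # "this entry should not"
    suspended_until: float = 0.0

def query_name(entry, zone):
    """IPv4 entries are queried with reversed octets, domains verbatim."""
    parts = entry.split(".")
    if len(parts) == 4 and all(p.isdigit() for p in parts):
        entry = ".".join(reversed(parts))
    return f"{entry}.{zone}"

def is_healthy(check, lookup):
    """lookup(name) returns a list of A records, [] when nothing is listed."""
    try:
        hit = lookup(query_name(check.must_hit, check.zone))
        miss = lookup(query_name(check.must_miss, check.zone))
    except OSError:  # resolver unreachable, e.g. no net access after a reboot
        return False
    return bool(hit) and not miss

def usable(check, lookup, now=None):
    """Self-test the list; on failure skip it until the suspension expires."""
    now = time.time() if now is None else now
    if now < check.suspended_until:
        return False
    if not is_healthy(check, lookup):
        check.suspended_until = now + SUSPEND_SECONDS
        return False
    return True

def fake_lookup(table):
    """Constructed stand-in for a resolver so the example runs offline."""
    return lambda name: table.get(name, [])

# Constructed sample answers: a working list and one that answers for everything.
GOOD = {"2.0.0.127.dnsbl.example": ["127.0.0.2"]}
BLOCKING = dict(GOOD, **{"1.0.0.127.dnsbl.example": ["127.0.0.2"]})
```

Because the check only compares "answered" against "did not answer", the same pair works for a whitelist or a domain-based list by configuring different entries per list.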