On 10/18/2016 6:21 PM, Alex wrote:
I've collected a bunch of URIs that I'd like to incorporate into my
rulebase. I know how to create a DNSBL, but I don't specifically know
how to create a URIBL. Can I use rbldnsd for this? Or would I have to
extract the IP or hostname from the URL, then also use a bunch of uri
rules? If so, is there a way of automating this, given a list of URIs?
For example, I have URIs like:
I'm also then not sure which of the uri* rule definitions should be used.
I've used urirhsbl before for a local host blocklist, but now after
reading the man page again for the first time in a while, I'm not even
sure that's correct.
I'm also unclear about rbldnsd config for dnset, where hostnames would
be used. Here is my current command-line:
/usr/sbin/rbldnsd -n -srbldnsd.stats -r/var/lib/rbldnsd -f -n -b
My urilist file looks like this:
:127.0.0.2:Blocked System: http://example.com/bl?$
$NS 1w uri.example.com
$SOA 1w uri.example.com admin.uri.example.com 0 2h 2h 1w 1h
@ A 220.127.116.11
@ MX 10 uri.example.com
@ TXT "example hostname blocklist"
25z5g623wpqpdwis.onion1.to:127.0.0.2:Blocked System, Last-Attack: 1476825181
27lelchgcvs2wpm7.3lhjyx1.top:127.0.0.2:Blocked System, Last-Attack: 1476825181
27lelchgcvs2wpm7.7jiff71.top:127.0.0.2:Blocked System, Last-Attack: 1476825181
Using the following (and variations, including dig +short) fails with NXDOMAIN:
# host 25z5g623wpqpdwis.onion1.to.uri.example.com 18.104.22.168
Can someone show me an example zone file using the dnset option?
I'm guessing my first attempt at this message being received by the
list was due to the domain samples I've included, so they've been
Any ideas greatly appreciated.
rbldnsd is still suitable for this, as the DNS lookups are fundamentally
just mapping strings to IPs. Getting too deep into it is outside SA's
scope, but the only real difference between an IP RBL and a domain RBL
is that IP RBLs tend to reverse the IP so the most significant octet is
the most significant subdomain.
On the rules side of things there are multiple different ways to write uri
rules that match against a DNS lookup. Some of them are looking for
NXDOMAIN vs anything else, some of them can look for particular IPs,
etc. Just look for the existing RBL that's most similar to what you are
looking to create.
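
The host extraction asked about in the question and the name mapping described in the reply, as an added example that is not code from either poster: it pulls the host out of each URI, deduplicates, and builds the name a client would query, reversing the octets only for IPv4 hosts. The sample URIs are constructed, the function names are hypothetical, and uri.example.com is the zone name used in the post; writing the rbldnsd list file itself is not covered.

```python
import ipaddress
import re
from urllib.parse import urlsplit

HOST_RE = re.compile(r"[a-z0-9._-]+")  # hostnames and dotted IPv4 only

def uri_host(uri):
    """Return the lowercased host of a URI, or None if it has no usable one."""
    uri = uri.strip()
    if "://" not in uri:
        uri = "//" + uri  # make urlsplit treat a bare "host/path" as a netloc
    try:
        host = urlsplit(uri).hostname
    except ValueError:  # malformed bracketed host
        return None
    host = (host or "").rstrip(".")
    # Rejects empty hosts, embedded spaces and IPv6 literals (not handled here).
    return host if HOST_RE.fullmatch(host) else None

def query_name(host, zone):
    """Name a client looks up: IPv4 octets reversed, hostnames used as-is."""
    try:
        ip = ipaddress.IPv4Address(host)
    except ValueError:
        return f"{host}.{zone}"
    return ".".join(reversed(str(ip).split("."))) + f".{zone}"

def build_lookups(uris, zone):
    """Map each unique host found in uris to its query name, first-seen order."""
    out = {}
    for uri in uris:
        host = uri_host(uri)
        if host and host not in out:
            out[host] = query_name(host, zone)
    return out

# Constructed sample input (documentation domains and address range).
SAMPLE = [
    "http://Bad-Host.example.net/login.php?id=1",
    "https://bad-host.example.net:8443/other",
    "http://192.0.2.10/payload",
    "cdn.example.org/path",
    "not a uri",
]

if __name__ == "__main__":
    for host, qname in build_lookups(SAMPLE, "uri.example.com").items():
        print(f"{host:24} {qname}")
```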