
DNS Black List / RBL Checking in Python

Following on from performing basic DNS Lookups in Python, it’s relatively trivial to begin testing DNS Block Lists/Real Time Black Lists for blocked mail server IP addresses. To assist in preventing spam, a number of public and private RBLs are available. These track the IP addresses of mail servers that are known to produce spam, thus allowing recipient mail servers to deny delivery from known spammers.

RBLs operate over DNS. In order to test an RBL, a DNS query is made. As an example, zen.spamhaus.org is a popular RBL. If I wanted to test IP address 148.251.196.147 against the zen.spamhaus.org blocklist, I would reverse the octets in the IP address and then append ‘.zen.spamhaus.org’, i.e. 147.196.251.148.zen.spamhaus.org. I then perform an ‘A’ record lookup on said host:

    root@w:~/tmp# host -t a 147.196.251.148.zen.spamhaus.org
    Host 147.196.251.148.zen.spamhaus.org not found: 3(NXDOMAIN)

Excellent. IP 148.251.196.147 was not found in zen.spamhaus.org. NXDOMAIN is returned. Now, to take a known spammer’s IP: 144.76.252.9: […]

By | November 22nd, 2014|Python|2 Comments
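The lookup described above (reverse the octets, append the zone, query the A record), as an added Python example that is not the code from the original post. It assumes any A answer means "listed" and reports resolver failures separately, so a timeout is never mistaken for a clean result; the zones `rbl.example` and `down.example`, the 192.0.2.x addresses and `fake_resolver` are constructed so the demo runs offline.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the RBL zone."""
    addr = ipaddress.ip_address(ip)          # rejects malformed input
    if addr.version != 4:
        raise ValueError("IPv4 only in this example")
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")


def system_resolver(name):
    """A-record lookup; None means the name does not exist (NXDOMAIN)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        no_name = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)}
        if exc.errno in no_name:
            return None
        raise                                 # timeout, SERVFAIL, ...


def check_rbls(ip, zones, resolve=system_resolver):
    """Return {zone: (status, answer)}; status is listed/not listed/error."""
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except OSError as exc:
            # A failed lookup is not a clean result; report it separately.
            results[zone] = ("error", str(exc))
            continue
        results[zone] = ("listed", answer) if answer else ("not listed", None)
    return results


# Constructed offline stand-in for DNS: one listed address in a made-up zone.
FAKE_ZONE_DATA = {"9.2.0.192.rbl.example": "127.0.0.2"}


def fake_resolver(name):
    if name.endswith(".down.example"):
        raise socket.gaierror(socket.EAI_AGAIN, "temporary failure (constructed)")
    return FAKE_ZONE_DATA.get(name)


if __name__ == "__main__":
    print(dnsbl_query_name("148.251.196.147", "zen.spamhaus.org"))
    for ip in ("192.0.2.9", "192.0.2.10"):
        print(ip, check_rbls(ip, ["rbl.example", "down.example"], fake_resolver))
```

Calling `check_rbls(ip, zones)` without the third argument uses the system resolver for live queries.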

A BIND9 zonefile and commentary

I’m often asked for a copy of various zone files for Bind, that other users may use as a template. Here’s the zonefile for www.adampalmer.me/iodigitalsec:

    $TTL 604
    @       IN      SOA     iodigitalsec.com. root.iodigitalsec.com. (
                            2008101023      ; Serial
                            172800          ; Refresh
                            900             ; Retry
                            1209600         ; Expire
                            3600 )          ; Negative Cache TTL
    ;
            IN      NS      ns3.apnichosting.com.
            IN      NS      ns2.apnichosting.com.
            IN      MX      10 mail3.sasdataservices.com.
            IN      MX      100 mail2.sasdataservices.com.
            IN      MX      1000 backup-0.l3.iodigitalsec.com.
            IN      A       217.10.156.197
    *       CNAME   iodigitalsec.com.

I’ll now cover each type of record briefly, and explain the elusive decimal point.

The SOA or “start of authority” record indicates the domain name “iodigitalsec.com” and the email address of the domain administrator “root@iodigitalsec.com”, written with the at symbol replaced by a decimal point (this decimal point does not have the same meaning as those later on). There is only one SOA record allowed per domain. Contained within the SOA record is also a serial number, refresh, retry, expiry and TTL.

The serial number is the ‘version’ of the zone. This is generally incremented each time the zone is updated. The refresh is used by the slave or secondary DNS server as an instruction on how often to update, in seconds. The ‘retry’ is the length in seconds that the slave DNS server should wait before retrying to contact an unreachable primary DNS server. The expiry specifies how long until the slave DNS server stops responding to requests for this domain name, should the primary DNS server remain unreachable. If the primary DNS server becomes available again, the timer is reset. Lastly, the Negative TTL or ‘time to live’ value indicates how long the server will cache a NAME ERROR (NXDOMAIN) record. The longest permitted is 3h (10800 seconds).

On to the more simple records… […]

By | December 15th, 2008|Internetworking & Routing, Technology|2 Comments