Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

How it works

The DNSBL services are itself reachable through a rest API, both through GET and POST-queries. The calls can be made in bulks, which means if you have a host that delivers blacklists to us, you may want to post more than one address at the time. The recommended method for doing this is by a POST, but in less larger amounts of hosts GET is also accepted. There are currently no release of the DNSBL since it's in a state of test (beta/unfinished), but you may however test the services. Some calls are made available freely (at least at the moment), but they will probably get stricted up later on due to the risk of flooding of the services.

...

Warning
titleAPI Rest URLs and usage

Information about this coming very soon

 

Which DNSBL datastore is active?

By resolving bl-version.tornevall.org and bl-version.fraudbl.org you may get a clue which version of the blacklists that is currently running.

...

The version entries will give you a small clue, where the data comes from. The version "1.0.0.2006" indicates that data is returned from the deprecated data store from 2006. If you can not find any TXT-entry, a normal dns lookup would return the version values as 127.0.0.1, etc. The current values is 127.0.0.1 for the deprecated version and 127.0.0.5 for version 5.

Development

TorneLIB

TorneLIB contains a smaller independent library to keep track of listed hosts and may be included in projects that requires the use of the DNSBL/FraudBL. This project is about to replace a lot of things that has been "alive" (barely?) since 2006.

You can download the standalone library here: https://dev.tornevall.net/sources/dnsbl/tornevall_dnsbl.php (Note: This library extension follows our develop trunk, so it may be incomplete from time to time).

How to use this library extension

Code Block
languagephp
titleResolving in it's simplest form
require_once(__DIR__ . "/autoload.php");
$dnsbl = new \TorneLIB\TorneLIB_DNSBL();
if ($dnsbl->isListed($testaddr)) {
    /* Actions to take against this host */
}

Other methods

MethodParametersTypeResult
isListed()
ipAddressboolThe example above
resolveBlacklist()
ipAddress (v4/v6)
getListedTypes (default=false) 
array

An array with strings defined in TORNEVALL_DNSBL_BITS.
The constants are listed below.

BIT_REPORTED = 1
BIT_CONFIRMED = 2
BIT_FRAUDBL = 4
BIT_EMPTY = 8
BIT_SPAM = 16
BIT_ANONYMOUS = 32
BIT_ABUSE = 64
BIT_DIFFERENTSTATE = 128

When getListedTypes are set to true, this function is returning data from TORNEVALL_DNSBL_BITS::getBitArray() 

getBitArray()
bitValue (integer)array 
getBlVersion()
blZonestringIf no zone are given the default value from the class TORNEVALL_DNSBL_ZONES is set to dnsbl.tornevall.org.
As described above, which DNSBL version is active, this function returns the version id of the current release. 
isBit()
bitType, bitValuebool

The TORNEVALL_DNSBL_BITS-class also have another method callable from public called isBit().
Let's say that you have the bitmask value 80, which represents the two bits BIT_ABUSE (64) and BIT_SPAM (16), you can ask this function if they are present. 

Code Block
languagephp
titleisBit()-method
$bitValue = 80;
$BitClass = new \TorneLIB\TORNEVALL_DNSBL_BITS();
$BitClass->isBit();
if ($BitClass->isBit(self::BIT_SPAM, $bitValue)) { /* Do something here */ }
if ($BitClass->isBit(self::BIT_ABUSE, $bitValue)) { /* Do something here */ }

This method is calling isBit() in the TORNEVALL_DNSBL_BITS-class.

What is happening in this component?

Jira
serverTornevall Networks
columnssummary,type,created,updated,status,resolution
maximumIssues20
jqlQuerycomponent = PHPCli-TorneLIB_DNSBL ORDER BY status ASC, resolution DESC, "Internal priority", priority DESC, updated DESC
serverIdef1f2374-e58a-319f-9d38-10348dbac859

 

rbl-extension

The former name of the DNSBL at sourceforge is named rbl-extension and can be found here. The plans is to also upgrade that "platform".

...

The public development repo for this project can be reach through svn://svn.tornevall.net/dnsbl/standalone/trunk and the current (and also last version of branch 1.0) can be reached at svn://svn.tornevall.net/dnsbl/standalone/branches/1.0. The trunk will soon get patched with TorneLIB-DNSBL.

 

 

Historical summary

In the beginning there was spamming. The spamming took it's place on a swedish forum, hosted by a swedish TV-channel, inspired by an international project called "Big Brother". The year was actually 2006 and trolls were highly active on this forum. In the same time, there was an irc-server that received a load of attacks by proxies.

...