Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 21 Next »

How it works

The DNSBL services are itself reachable through a rest API, both through GET and POST-queries. The calls can be made in bulks, which means if you have a host that delivers blacklists to us, you may want to post more than one address at the time. The recommended method for doing this is by a POST, but in less larger amounts of hosts GET is also accepted. There are currently no release of the DNSBL since it's in a state of test (beta/unfinished), but you may however test the services. Some calls are made available freely (at least at the moment), but they will probably get stricted up later on due to the risk of flooding of the services.

Example URL: https://api.tornevall.net/2.0/dnsbl/islisted/255.255.255.252 (Still free to use)

API Rest URLs and usage

Information about this coming very soon

 

Which DNSBL datastore is active?

By resolving bl-version.tornevall.org and bl-version.fraudbl.org you may get a clue which version of the blacklists that is currently running.

Linux

host -tTXT bl-version.fraudbl.org
host -tTXT bl-version.tornevall.org

Windows

nslookup <enter>
set type=txt <enter>
bl-version.fraudbl.org
bl-version.tornevall.org

The version entries will give you a small clue, where the data comes from. The version "1.0.0.2006" indicates that data is returned from the deprecated data store from 2006. If you can not find any TXT-entry, a normal dns lookup would return the version values as 127.0.0.1, etc. The current values is 127.0.0.1 for the deprecated version and 127.0.0.5 for version 5.

Development

TorneLIB

TorneLIB contains a smaller independent library to keep track of listed hosts and may be included in projects that requires the use of the DNSBL/FraudBL. This project is about to replace a lot of things that has been "alive" (barely?) since 2006.

You can download the standalone library here: https://dev.tornevall.net/sources/dnsbl/tornevall_dnsbl.php (Note: This library extension follows our develop trunk, so it may be incomplete from time to time).

How to use this library extension

Resolving in it's simplest form
require_once(__DIR__ . "/autoload.php");
$dnsbl = new \TorneLIB\TorneLIB_DNSBL();
if ($dnsbl->isListed($testaddr)) {
    /* Actions to take against this host */
}

Other methods

MethodParametersTypeResult
isListed()
ipAddressboolThe example above
resolveBlacklist()
ipAddress (v4/v6)
getListedTypes (default=false) 
array

An array with strings defined in TORNEVALL_DNSBL_BITS.
The constants are listed below.

BIT_REPORTED = 1
BIT_CONFIRMED = 2
BIT_FRAUDBL = 4
BIT_EMPTY = 8
BIT_SPAM = 16
BIT_ANONYMOUS = 32
BIT_ABUSE = 64
BIT_DIFFERENTSTATE = 128

When getListedTypes are set to true, this function is returning data from TORNEVALL_DNSBL_BITS::getBitArray() 

getBitArray()
bitValue (integer)array 
getBlVersion()
blZonestringIf no zone are given the default value from the class TORNEVALL_DNSBL_ZONES is set to dnsbl.tornevall.org.
As described above, which DNSBL version is active, this function returns the version id of the current release. 
isBit()
bitType, bitValuebool

The TORNEVALL_DNSBL_BITS-class also have another method callable from public called isBit().
Let's say that you have the bitmask value 80, which represents the two bits BIT_ABUSE (64) and BIT_SPAM (16), you can ask this function if they are present. 

isBit()-method
$bitValue = 80;
$BitClass = new \TorneLIB\TORNEVALL_DNSBL_BITS();
$BitClass->isBit();
if ($BitClass->isBit(self::BIT_SPAM, $bitValue)) { /* Do something here */ }
if ($BitClass->isBit(self::BIT_ABUSE, $bitValue)) { /* Do something here */ }

This method is calling isBit() in the TORNEVALL_DNSBL_BITS-class.

What is happening in this component?

Summary T Created Updated Status Resolution
Loading...
Refresh

 

rbl-extension

The former name of the DNSBL at sourceforge is named rbl-extension and can be found here. The plans is to also upgrade that "platform".

https://sourceforge.net/projects/rbl-extension/

The public development repo for this project can be reach through svn://svn.tornevall.net/dnsbl/standalone/trunk and the current (and also last version of branch 1.0) can be reached at svn://svn.tornevall.net/dnsbl/standalone/branches/1.0. The trunk will soon get patched with TorneLIB-DNSBL.

 

 

Historical summary

In the beginning there was spamming. The spamming took it's place on a swedish forum, hosted by a swedish TV-channel, inspired by an international project called "Big Brother". The year was actually 2006 and trolls were highly active on this forum. In the same time, there was an irc-server that received a load of attacks by proxies.

At this moment, there was a project on the big internet called BOPM (Blitzed Open Proxy Monitor) that has special clients checking on connecting clients to that irc server. Tornevall Networks started to think of migrating a similar solution into web spaces. The problem, that made a huge difference between the IRC and WWW-protocol was the fact that on IRC, you made one connection and then one check against a DNS Blacklist. If it was blacklisted as an open proxy, it got k-lined, akilled in any other form: banned. This was not possible with HTTP-connections, since a check would take place each time a client connected to a website. The idea in this case, was to cache the resolving, into a local storage since DNS-servers otherwise could be overloaded with queries (depending on how DNS caching was made).

Somewhere in may 2006, this project started and the first extension released was actually the rbl-extension at sourceforge, together with an extension for the CMS tool e107 and vBulletin. After this year, 2006, no more suprises happened. Only maintenance jobs. Recently someone has realized that the old projects has became quite obsolete. Deprecation of the old project from 2006 was initiated somewhere between december 2015 and june 2016.

  • No labels