[Asrg] Round one modifications to DNSBL BCP draft.
Chris Lewis
clewis at nortel.com
Tue Apr 1 11:48:45 PDT 2008
Douglas Otis wrote:
> Most black-hole/block lists are based upon the IP address where the
> octets are in reverse order. The network provider can be noted by who
> advertised the address space.
>
> See:
> http://www.team-cymru.org
> This technique depends upon ASNs observed in BGP announcements. This
> information is often processed with a program like zebra, for example.
Or home grown stuff using routeviews.
The mechanics of doing this are well understood, however:
> Determining the network provider helps establish their reputation,
> which should represent a significant factor in whether their
> advertised space can be trusted.
Very few existing (at least public) DNSBLs pay any attention whatsoever
to this. Those that do usually do little more than ad-hoc aggregate
statistical reports, eg http://cbl.abuseat.org/country.html and
http://cbl.abuseat.org/domain.html, or Spamhaus's country/provider top
100 listings, or Cymru's or helping guide the manual escalation of
manual listings...
Hence, it misses the "C" ("current") required for a BCP.
It may be the perfect reputational DNSBL design, but it's still not a
_current_ one, and is hence not eligible for a BCP.
Secondly, it's DNSBL listing policy, not operational practise. Thus, it
is out of scope for the document at hand _even_ if such DNSBLs existed
today.
So while this discussion might lead to ideas for new DNSBLs (I've gotten
several ideas already - I already do most of the hard computations) with
more advanced listing criteria, it's totally irrelevant to a DNSBL
operational BCP.
As a discussion for future work in DNSBL/reputational systems it's a
reasonable topic for ASRG. But, it has _nothing_ to do with the BCP -
this subthread diverged from relevance some time ago.
More information about the Asrg
mailing list