DNS Blacklists and Whitelists
RFC 5782
Field | Value
---|---
Document type | RFC - Informational (February 2010; Errata). Was draft-irtf-asrg-dnsbl (asrg RG)
Author | John Levine
Last updated | 2020-01-21
Stream | Internet Research Task Force (IRTF)
IRTF state | (None)
Consensus Boilerplate | Unknown
Document shepherd | No shepherd assigned
IESG state | RFC 5782 (Informational)
Action Holders | (None)
Responsible AD | Lisa Dusseault
Send notices to | (None)
Internet Research Task Force (IRTF)                            J. Levine
Request for Comments: 5782                          Taughannock Networks
Category: Informational                                    February 2010
ISSN: 2070-1721

DNS Blacklists and Whitelists

Abstract

The rise of spam and other anti-social behavior on the Internet has led to the creation of shared blacklists and whitelists of IP addresses or domains. The DNS has become the de-facto standard method of distributing these blacklists and whitelists. This memo documents the structure and usage of DNS-based blacklists and whitelists, and the protocol used to query them.

Status of This Memo

This document is not an Internet Standards Track specification; it is published for informational purposes.

This document is a product of the Internet Research Task Force (IRTF). The IRTF publishes the results of Internet-related research and development activities. These results might not be suitable for deployment. This RFC represents the consensus of the Anti-Spam Research Group of the Internet Research Task Force (IRTF). Documents approved for publication by the IRSG are not a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc5782.

Copyright Notice

Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Table of Contents

1. Introduction
2. Structure of an IP Address DNSBL or DNSWL
   2.1. IP Address DNSxL
   2.2. IP Address DNSWL
   2.3. Combined IP Address DNSxL
   2.4. IPv6 DNSxLs
3. Domain Name DNSxLs
4. DNSxL Cache Behavior
5. Test and Contact Addresses
6. Typical Usage of DNSBLs and DNSWLs
7. Security Considerations
8. References
   8.1. Normative References
   8.2. Informative References

1. Introduction

In 1997, Dave Rand and Paul Vixie, well-known Internet software engineers, started keeping a list of IP addresses that had sent them spam or engaged in other behavior that they found objectionable. Word of the list quickly spread, and they started distributing it as a BGP feed for people who wanted to block all traffic from listed IP addresses at their routers. The list became known as the Real-time Blackhole List (RBL).

Many network managers wanted to use the RBL to block unwanted e-mail, but weren't prepared to use a BGP feed. Rand and Vixie created a DNS-based distribution scheme that quickly became more popular than the original BGP distribution. Other people created other DNS-based blacklists either to compete with the RBL or to complement it by listing different categories of IP addresses. Although some people refer to all DNS-based blacklists as "RBLs", the term properly is used for the Mail Abuse Prevention System (MAPS) RBL, the descendant of the original list. (In the United States, the term RBL is a registered service mark of Trend Micro [MAPSRBL].)

The conventional term is now DNS blacklist or blocklist, or DNSBL. Some people also publish DNS-based whitelists or DNSWLs. Network managers typically use DNSBLs to block traffic and DNSWLs to preferentially accept traffic. The structure of a DNSBL and DNSWL are the same, so in the subsequent discussion we use the abbreviation DNSxL to mean either.

This document defines the structure of DNSBLs and DNSWLs. It describes the structure, operation, and use of DNSBLs and DNSWLs but does not describe or recommend policies for adding or removing