On a positive DNSBL lookup, fetch the reason from the DNSBL and use that in the gline/zline reason. #39

Description

@GTAXL

Hello, a lot of DNSBLs, along with my own, publish TXT records alongside the A records indicating the reason the IP is listed. It would be nice if HOPM can, on a positive A record lookup in a DNSBL, then look up the TXT record and fetch the reason and substitute that for the reason in the gline/zline. If no TXT record was found, use the generic reason specified in the config.

[gtaxl@excession:dnsbl]./gnbl.sh chk 163.172.207.224
Listed in DNS: YES
Listed in API: YES, TTL: 1800 ID: 19885336
Date Listed: 2020-08-21T11:00:11Z
Reason: Bruteforcing Wordpress, TTL: 1800 ID: 19885337
[gtaxl@excession:dnsbl]host 224.207.172.163.bl.gtaxl.net
224.207.172.163.bl.gtaxl.net has address 127.0.0.2
[gtaxl@excession:dnsbl]host -t TXT 224.207.172.163.bl.gtaxl.net
224.207.172.163.bl.gtaxl.net descriptive text "Bruteforcing Wordpress"
[gtaxl@excession:dnsbl]./gnbl.sh chk 79.124.62.134
Listed in DNS: YES
Listed in API: YES, TTL: 60 ID: 21842972
Date Listed: 2021-01-10T19:56:39Z
Reason: Port Scanning, TTL: 60 ID: 21842973
[gtaxl@excession:dnsbl]host 134.62.124.79.bl.gtaxl.net
134.62.124.79.bl.gtaxl.net has address 127.0.0.2
[gtaxl@excession:dnsbl]host -t TXT 134.62.124.79.bl.gtaxl.net
134.62.124.79.bl.gtaxl.net descriptive text "Port Scanning"
[gtaxl@excession:dnsbl]

I think this would be smarter and more accurate than specifying each IP ending the old BOPM way. To save on queries and resources, the TXT lookups should only happen on a positive A record response...

Plenty of DNSBLs use multiple IPs, but mine currently just uses 127.0.0.2 and we specify the different reasons via the TXT record.

I think this would be a very useful feature.

Thanks!
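
A sketch of the reason-selection step this request implies, added here as an example; it is not HOPM code and not the reporter's. It builds the reversed query name and picks the ban reason, treating the TXT payload as remote data before it goes into a gline/zline command. The names `dnsbl_query_name`, `ban_reason` and `REASON_MAX` are hypothetical, and the DNS lookups themselves are left to the caller.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

#define REASON_MAX 200 /* assumed cap, well under the 512-byte IRC line limit */

/* Build "d.c.b.a.<zone>" for IPv4 a.b.c.d. Returns 0 on success, -1 on error. */
int dnsbl_query_name(const char *ip, const char *zone, char *out, size_t outlen)
{
  struct in_addr a;
  if (inet_pton(AF_INET, ip, &a) != 1)
    return -1;
  const unsigned char *o = (const unsigned char *)&a.s_addr; /* network order */
  int n = snprintf(out, outlen, "%u.%u.%u.%u.%s", (unsigned)o[3], (unsigned)o[2],
                   (unsigned)o[1], (unsigned)o[0], zone);
  return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Choose the ban reason. txt is the TXT payload, or NULL if none was returned.
 * The payload is remote data: control bytes (CR, LF, ...) become spaces so it
 * cannot end the command line early, runs of spaces collapse, length is capped.
 * An empty result falls back to the configured generic reason. */
const char *ban_reason(const char *txt, const char *fallback, char *out, size_t outlen)
{
  size_t n = 0;
  if (outlen == 0)
    return fallback;
  for (; txt && *txt && n + 1 < outlen && n < REASON_MAX; ++txt) {
    unsigned char c = (unsigned char)*txt;
    if (c < 0x20 || c == 0x7f)
      c = ' ';
    if (c == ' ' && (n == 0 || out[n - 1] == ' '))
      continue; /* skip leading and repeated spaces */
    out[n++] = (char)c;
  }
  while (n > 0 && out[n - 1] == ' ')
    --n;
  out[n] = '\0';
  return n ? out : fallback;
}

int main(void)
{
  char name[256], reason[REASON_MAX + 1];
  if (dnsbl_query_name("163.172.207.224", "bl.gtaxl.net", name, sizeof name) == 0)
    printf("query: %s\n", name);
  /* Constructed TXT payload with an embedded line break. */
  puts(ban_reason("Port Scanning\r\nextra line", "Listed in DNSBL", reason, sizeof reason));
  return 0;
}
```

The caller would invoke `ban_reason` only after a positive A record answer, passing `NULL` when the TXT query returns nothing.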
