Designing a usable DNS Blocklist result format

June 11, 2008

It's relatively common for DNS blocklists to want to encode a certain amount of information in their results, ranging from the source of the information to how reliable they consider the results. For sensible reasons, DNS blocklists have to encode this information in the IP address or addresses that they return.

As it turns out, there is a useful way and a not so useful way to encode this information, because of the limitations of mailer support for DNSBL lookups. Most mailers can ask only two questions: 'is this host listed at all?' and 'is this host listed with a specific IP address?'

(Even when mailers support more, I believe that those two are the easiest two conditions to use.)

There are two natural ways to encode multiple pieces of information in DNSBL results. One of them is to return multiple IP addresses, each one representing one piece of information; the other is to encode all of the information into a single IP address (using several octets, or encoding an octet by ORing flags together, or both). Now consider what happens if you want to know only one piece of information in your mailer, for example 'is this host blocked with high confidence'.

If the DNSBL encodes multiple pieces of information in a single IP address and you want only one piece, you probably have no good way of extracting it and matching on it; instead you have to inventory all of the different IP addresses that it might be encoded into. However, if the DNSBL encodes the information into multiple IP addresses, you have a simple check; 'does the DNSBL return IP <X> for this host'.

Thus, I believe that the most useful and best way for DNSBLs to encode multiple pieces of information is to return multiple IP addresses for each lookup, each one encoding one specific bit of information. Encoding several pieces of information in one IP address only makes sense if you are very confidant that most people will want to use them together and will never want to check just one.

Written on 11 June 2008.
« Tabs versus windows, or why I usually want windows
The problem with ZFS, SANs, and failover »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Wed Jun 11 23:54:51 2008
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.