== Why DNS blocklists return information as IP addresses

Especially in light of the [[difficulties that they present in returning
multiple bits of information UsableDNSBLResults]], you might sensibly ask
why DNS blocklists opt to return information as IP addresses, instead of
something more flexible. A related question is why DNSBLs are queried
in such an odd way, by reversing the octets of the host address you're
interested in.

The IP address thing is simple: everyone has has _gethostbyname()_ or
its equivalent in their standard library. Especially if you just want
a yes or no answer (and that's what DNSBLs started as and are still
mostly used for), _gethostbyname()_ gives you a simple and basically
hassle-free basic interface. It also has the right failure mode for a
cautious system; if you can't talk to the DNSBL for any reason, the
lookup fails and you assume that the host isn't blocklisted.

Using any other DNS record type to return information requires people
to write much more involved custom code to do direct DNS queries, which
is usually much more complicated even if you have a high level library
to handle a bunch of the details, and *really* more complicated if you
don't. (Trust me, decoding DNS response packets is not fun for any part
of the family.)

The reversed octets query format is for historical reasons. The [[first
DNSBL http://en.wikipedia.org/wiki/DNSBL]] was mostly aimed at listing
entire bad networks and subnets, not individual hosts, and was probably
not using a custom nameserver. If you want to list a lot of things
with _bind_ you want to use wildcard records, but wildcards can only
come at the start of a DNS name (at the end of the lookups, which go
right to left), not in the middle. So if you are going to use wildcard
records to cover subnets, you need to reverse the octets so you can put
the wildcard in the right place, letting you list 24.10.0.0/16 by just
creating a *.10.24.your.dnsbl PTR record.

(These days none of this applies any more; [[most
http://cbl.abuseat.org/]] [[DNSBLs http://www.spamhaus.org/]] that
people use list individual hosts instead of subnets, and I believe that
most of them use custom nameservers because loading several hundred
thousand records into _bind_ doesn't work too well.)