Modules/2.0/dnsbl

From the makers of InspIRCd.

dnsbl module (2.0 version)

Description
m_dnsbl provides support for looking up the IPs of connecting users on one or more DNS blacklists. It is fully configurable. This is an advanced module, and its users are expected to have a good working knowledge of DNS.
Configuration Tags
<dnsbl name="dnsblname" type="bitmask" domain="dns.domain.org" action="KILL" reason="You are banned!" duration="1d" bitmask="5">

OR:

<dnsbl name="dnsblname" type="record" domain="dns.domain.org" action="KILL" reason="You are banned!" duration="1d" records="1,2,6,19,24-38">

Where the attributes are as follows:

  • name: A readable name for the blacklist, e.g. DroneBL
  • type: The type of blacklist, either bitmask or record.
  • domain: The DNS domain the blacklist uses, e.g. dnsbl.dronebl.org
  • action: One of KILL, ZLINE, KLINE, GLINE (case sensitive!)
  • reason: Any text you want to use as the ban reason or tag (%ip% will be replaced by the user's IP)
  • duration: How long you want to enforce the ban (has no effect on KILL)
  • bitmask: For bitmask type blacklists, this is the mask that is ANDed with the result from the RBL, e.g. if you only want results 1 and 4, enter 5 (= 1 | 4) here. Must be greater than 0 (use 255 for matching all Class C blacklist results)
  • records: For record type blacklists this is a list of A record replies which cause a match for this blacklist. This value can contain lists or ranges of integer values, e.g. "1,2,3,5-9" to match all values within the range 1,2,3,5,6,7,8,9.

NOTE: A blacklist may only make use of one of either records or bitmask at any one time, depending on the value of type.
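
How the bitmask and records attributes decide a match, as an added example that is not part of the original page and is not InspIRCd's own code. It assumes the usual DNSBL convention (reversed IPv4 octets prepended to the domain, reply inside 127.0.0.0/8 with the result in the last octet); the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def dnsbl_query_name(ip, domain):
    """Build the name that is looked up: reversed IPv4 octets + blacklist domain."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + domain

def parse_records(spec):
    """Expand a records="1,2,6,19,24-38" style list into a set of integers."""
    values = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            low, high = (int(x) for x in part.split("-", 1))
            if low > high:
                raise ValueError(f"bad range: {part}")
            values.update(range(low, high + 1))
        else:
            values.add(int(part))
    if any(v < 0 or v > 255 for v in values):
        raise ValueError("record values must fit in one octet")
    return values

def reply_matches(reply, bl_type, bitmask=0, records=""):
    """Decide whether an A record reply (e.g. 127.0.0.6) counts as a listing."""
    addr = ipaddress.IPv4Address(reply)
    # Assumption of this example: a reply outside 127.0.0.0/8 (for instance from
    # a wildcarded or expired blacklist domain) is never treated as a listing.
    if addr not in ipaddress.IPv4Network("127.0.0.0/8"):
        return False
    last = int(addr) & 0xFF
    if bl_type == "bitmask":
        if bitmask <= 0:
            raise ValueError("bitmask must be greater than 0")
        return (last & bitmask) != 0
    if bl_type == "record":
        return last in parse_records(records)
    raise ValueError(f"unknown type: {bl_type}")

if __name__ == "__main__":
    # Constructed sample: documentation address 192.0.2.10, reply 127.0.0.4.
    print(dnsbl_query_name("192.0.2.10", "dns.domain.org"))
    print(reply_matches("127.0.0.4", "bitmask", bitmask=5))        # 4 & 5 != 0
    print(reply_matches("127.0.0.4", "record", records="1,2,6,19,24-38"))
```
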


  • Examples for popular DNSBLs
# Tor blacklists:
## https://www.dan.me.uk/dnsbl/
## Blacklist-type: record
<dnsbl name="Tor - dan.me.uk"
       type="record"
       domain="tor.dan.me.uk"
       action="ZLINE"
       reason="Tor not allowed."
       duration="72h"
       records="100"
>
## http://www.sectoor.de/tor.php
## Blacklist-type: record
<dnsbl name="Tor - sectoor.de"
       type="record"
       domain="tor.dnsbl.sectoor.de"
       action="ZLINE"
       reason="Tor not allowed."
       duration="72h"
       records="1"
>

# Proxy, etc. blacklists:
## https://dronebl.org/
## Blacklist-type: record
<dnsbl name="DroneBL"
       type="record"
       domain="dnsbl.dronebl.org"
       action="ZLINE"
       reason="You are listed in DroneBL. Please visit https://dronebl.org/lookup.do?ip=%ip% for more information."
       duration="72h"
       records="3,5,6,7,8,9,10,11,13,14,15,16,17,19"
>
## http://rbl.efnetrbl.org/
## Blacklist-type: record
<dnsbl name="EFnet RBL"
       type="record"
       domain="rbl.efnetrbl.org"
       action="ZLINE"
       reason="You are listed in the EFnet RBL. Please visit http://rbl.efnetrbl.org/?i=%ip% for more information."
       duration="72h"
       records="1,2,3,4,5"
>
Modes
This module does not implement any extra user or channel modes.
Extended Bans (Extbans)
This module implements no extended bans.
Commands
This module adds no extra commands.
Special Notes
Needs to be loaded on each server of a network.

This module creates the /stats flag 'd', which displays current DNSBL stats for each <dnsbl> tag.