DNS Blacklists and Whitelists
RFC 5782

Document Type RFC - Informational (February 2010; Errata)
Was draft-irtf-asrg-dnsbl (asrg RG)
Last updated 2015-10-14
Stream IRTF
IESG state RFC 5782 (Informational)
Responsible AD Lisa Dusseault
Internet Research Task Force (IRTF)                            J. Levine
Request for Comments: 5782                          Taughannock Networks
Category: Informational                                    February 2010
ISSN: 2070-1721

                     DNS Blacklists and Whitelists

Abstract

   The rise of spam and other anti-social behavior on the Internet has
   led to the creation of shared blacklists and whitelists of IP
   addresses or domains.  The DNS has become the de-facto standard
   method of distributing these blacklists and whitelists.  This memo
   documents the structure and usage of DNS-based blacklists and
   whitelists, and the protocol used to query them.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Research Task Force
   (IRTF).  The IRTF publishes the results of Internet-related research
   and development activities.  These results might not be suitable for
   deployment.  This RFC represents the consensus of the Anti-Spam
   Research Group of the Internet Research Task Force (IRTF).  Documents
   approved for publication by the IRSG are not a candidate for any
   level of Internet Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc5782.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Levine                        Informational                     [Page 1]
RFC 5782              DNS Blacklists and Whitelists        February 2010

Table of Contents

   1. Introduction ....................................................2
   2. Structure of an IP Address DNSBL or DNSWL .......................3
      2.1. IP Address DNSxL ...........................................3
      2.2. IP Address DNSWL ...........................................4
      2.3. Combined IP Address DNSxL ..................................4
      2.4. IPv6 DNSxLs ................................................5
   3. Domain Name DNSxLs ..............................................6
   4. DNSxL Cache Behavior ............................................7
   5. Test and Contact Addresses ......................................7
   6. Typical Usage of DNSBLs and DNSWLs ..............................8
   7. Security Considerations .........................................9
   8. References .....................................................10
      8.1. Normative References ......................................10
      8.2. Informative References ....................................10

1.  Introduction

   In 1997, Dave Rand and Paul Vixie, well-known Internet software
   engineers, started keeping a list of IP addresses that had sent them
   spam or engaged in other behavior that they found objectionable.
   Word of the list quickly spread, and they started distributing it as
   a BGP feed for people who wanted to block all traffic from listed IP
   addresses at their routers.  The list became known as the Real-time
   Blackhole List (RBL).

   Many network managers wanted to use the RBL to block unwanted e-mail,
   but weren't prepared to use a BGP feed.  Rand and Vixie created a
   DNS-based distribution scheme that quickly became more popular than
   the original BGP distribution.  Other people created other DNS-based
   blacklists either to compete with the RBL or to complement it by
   listing different categories of IP addresses.  Although some people
   refer to all DNS-based blacklists as "RBLs", the term properly is
   used for the Mail Abuse Prevention System (MAPS) RBL, the descendant
   of the original list.  (In the United States, the term RBL is a
   registered service mark of Trend Micro [MAPSRBL].)

   The conventional term is now DNS blacklist or blocklist, or DNSBL.
   Some people also publish DNS-based whitelists or DNSWLs.  Network
   managers typically use DNSBLs to block traffic and DNSWLs to
   preferentially accept traffic.  The structure of a DNSBL and a DNSWL
   is the same, so in the subsequent discussion we use the abbreviation
   DNSxL to mean either.

   This document defines the structure of DNSBLs and DNSWLs.  It
   describes the structure, operation, and use of DNSBLs and DNSWLs but
   does not describe or recommend policies for adding or removing