'Re: whitelist'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       unbound-users
Subject:    Re: whitelist
From:       Leandro Roggerone via Unbound-users <unbound-users () lists ! nlnetlabs ! nl>
Date:       2021-01-19 12:20:42
Message-ID: CALt2oz5WLu_Bhvk7235k6VN_tWfLBfvpJvXz1mbe_kB-6pkhrw () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


El mar, 19 ene 2021 a las 9:19, Leandro Roggerone (<leandro@tecnetmza.com.ar>)
escribió:

> Dear Paul , I'm new on the list and have not much experience with dns
> practices.
> Can you explain why the word "blacklist" makes you feel bad ?
> I'm trying to avoid my users to get access to malware sites and so ...
> So far, my setting is working good, I can see it working at my librenms
> stats.
> [image: dns_blacklist.png]
> I received  just a few customer complaints about some legitim sites they
> could not access.
> That's why I would like to add them to a whitelist.
> After reading your link it is not clear for me how to create this
> whitelist.
> In order to block malicious sites , i'm doing this:
>
> local-zone: "zzz.aba.vg" always_nxdomain
> local-zone: "zzz.clickbank.net" always_nxdomain
> local-zone: "zzz.onion.pet" always_nxdomain
>
> What should I do , to allow those entries with higher precedence than
> blacklist.
>
> BTW ; if you know a better way to achieve the same , please share with us
> !!
> Thanks.
>
> El dom, 17 ene 2021 a las 17:48, Paul Vixie (<paul@redbarn.org>) escribió:
>
>>
>>
>> Leandro Roggerone via Unbound-users wrote on 2021-01-14 06:30:
>> > Hi guys.
>> > Im trying to find without success how to create a whitelist to bypass
>> > false positive domains listed on my blocklist.
>> >
>> > So far ... what I do is to remove false positives from blocklist.
>> > This is not so effective since , I will need to do everytime I update my
>> > lists.
>>
>> this is probably the last time i will answer a question that contains
>> the word "blocklist". (i'm sure that comes as a relief to many!)
>>
>> >
>> > Do you know how to implement whitelist ?
>>
>> https://tools.ietf.org/id/draft-vixie-dnsop-dns-rpz-00.html#rfc.section.3.3
>>
>> --
>> Sent from Postbox
>> <
>> https://www.postbox-inc.com/?utm_source=email&utm_medium=siglink&utm_campaign=reach
>> >
>>
>

[Attachment #5 (text/html)]

<div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">El mar, 19 ene 2021 a las 9:19, Leandro Roggerone (&lt;<a \
href="mailto:leandro@tecnetmza.com.ar">leandro@tecnetmza.com.ar</a>&gt;) \
escribió:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Dear \
Paul , I&#39;m new on the list and have not much experience with dns \
practices.<br>Can you explain why the word &quot;blacklist&quot; makes you feel bad \
?<br>I&#39;m trying to avoid my users to get access to malware sites and so ...  \
<br>So far, my setting is working good, I can see it working at my librenms \
stats.<br><img src="cid:ii_kk3ylz0c0" alt="dns_blacklist.png" width="443" \
height="284"><br>I received   just a few customer complaints about some legitim sites \
they could not access.<br>That&#39;s why I would like to add them to a \
whitelist.<br>After reading your link it is not clear for me how to create this \
whitelist.<br>In order to block malicious sites , i&#39;m doing this:  \
<br><br>local-zone: &quot;<a href="http://zzz.aba.vg" \
target="_blank">zzz.aba.vg</a>&quot; always_nxdomain<br>local-zone: &quot;<a \
href="http://zzz.clickbank.net" target="_blank">zzz.clickbank.net</a>&quot; \
always_nxdomain<br>local-zone: &quot;zzz.onion.pet&quot; always_nxdomain<br><br>What \
should I do , to allow those entries  with higher precedence than \
blacklist.<br><br>BTW ; if you know a better way to achieve the same , please share \
with us !!  <br>Thanks.</div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">El dom, 17 ene 2021 a las 17:48, Paul Vixie (&lt;<a \
href="mailto:paul@redbarn.org" target="_blank">paul@redbarn.org</a>&gt;) \
escribió:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br> <br>
Leandro Roggerone via Unbound-users wrote on 2021-01-14 06:30:<br>
&gt; Hi guys.<br>
&gt; Im trying  to find without success how to create a whitelist to bypass<br>
&gt; false positive domains listed on my blocklist.<br>
&gt; <br>
&gt; So far ... what I do is to remove false positives  from blocklist.<br>
&gt; This is not so effective since , I will need to do everytime  I update my<br>
&gt; lists.<br>
<br>
this is probably the last time i will answer a question that contains<br>
the word &quot;blocklist&quot;. (i&#39;m sure that comes as a relief to many!)<br>
<br>
&gt; <br>
&gt; Do you know how to implement whitelist ? <br>
<a href="https://tools.ietf.org/id/draft-vixie-dnsop-dns-rpz-00.html#rfc.section.3.3" \
rel="noreferrer" target="_blank">https://tools.ietf.org/id/draft-vixie-dnsop-dns-rpz-00.html#rfc.section.3.3</a><br>
 <br>
-- <br>
Sent from Postbox<br>
&lt;<a href="https://www.postbox-inc.com/?utm_source=email&amp;utm_medium=siglink&amp;utm_campaign=reach" \
rel="noreferrer" target="_blank">https://www.postbox-inc.com/?utm_source=email&amp;utm_medium=siglink&amp;utm_campaign=reach</a>&gt;<br>
 </blockquote></div>
</blockquote></div>


["dns_blacklist.png" (image/png)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic