[prev in list] [next in list] [prev in thread] [next in thread]
List: unbound-users
Subject: Re: whitelist
From: Leandro Roggerone via Unbound-users <unbound-users () lists ! nlnetlabs ! nl>
Date: 2021-01-19 12:20:42
Message-ID: CALt2oz5WLu_Bhvk7235k6VN_tWfLBfvpJvXz1mbe_kB-6pkhrw () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
El mar, 19 ene 2021 a las 9:19, Leandro Roggerone (<leandro@tecnetmza.com.ar>)
escribió:
> Dear Paul , I'm new on the list and have not much experience with dns
> practices.
> Can you explain why the word "blacklist" makes you feel bad ?
> I'm trying to avoid my users to get access to malware sites and so ...
> So far, my setting is working good, I can see it working at my librenms
> stats.
> [image: dns_blacklist.png]
> I received just a few customer complaints about some legitim sites they
> could not access.
> That's why I would like to add them to a whitelist.
> After reading your link it is not clear for me how to create this
> whitelist.
> In order to block malicious sites , i'm doing this:
>
> local-zone: "zzz.aba.vg" always_nxdomain
> local-zone: "zzz.clickbank.net" always_nxdomain
> local-zone: "zzz.onion.pet" always_nxdomain
>
> What should I do , to allow those entries with higher precedence than
> blacklist.
>
> BTW ; if you know a better way to achieve the same , please share with us
> !!
> Thanks.
>
> El dom, 17 ene 2021 a las 17:48, Paul Vixie (<paul@redbarn.org>) escribió:
>
>>
>>
>> Leandro Roggerone via Unbound-users wrote on 2021-01-14 06:30:
>> > Hi guys.
>> > Im trying to find without success how to create a whitelist to bypass
>> > false positive domains listed on my blocklist.
>> >
>> > So far ... what I do is to remove false positives from blocklist.
>> > This is not so effective since , I will need to do everytime I update my
>> > lists.
>>
>> this is probably the last time i will answer a question that contains
>> the word "blocklist". (i'm sure that comes as a relief to many!)
>>
>> >
>> > Do you know how to implement whitelist ?
>>
>> https://tools.ietf.org/id/draft-vixie-dnsop-dns-rpz-00.html#rfc.section.3.3
>>
>> --
>> Sent from Postbox
>> <
>> https://www.postbox-inc.com/?utm_source=email&utm_medium=siglink&utm_campaign=reach
>> >
>>
>
[Attachment #5 (text/html)]
<div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">El mar, 19 ene 2021 a las 9:19, Leandro Roggerone (<<a \
href="mailto:leandro@tecnetmza.com.ar">leandro@tecnetmza.com.ar</a>>) \
escribió:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Dear \
Paul , I'm new on the list and have not much experience with dns \
practices.<br>Can you explain why the word "blacklist" makes you feel bad \
?<br>I'm trying to avoid my users to get access to malware sites and so ... \
<br>So far, my setting is working good, I can see it working at my librenms \
stats.<br><img src="cid:ii_kk3ylz0c0" alt="dns_blacklist.png" width="443" \
height="284"><br>I received just a few customer complaints about some legitim sites \
they could not access.<br>That's why I would like to add them to a \
whitelist.<br>After reading your link it is not clear for me how to create this \
whitelist.<br>In order to block malicious sites , i'm doing this: \
<br><br>local-zone: "<a href="http://zzz.aba.vg" \
target="_blank">zzz.aba.vg</a>" always_nxdomain<br>local-zone: "<a \
href="http://zzz.clickbank.net" target="_blank">zzz.clickbank.net</a>" \
always_nxdomain<br>local-zone: "zzz.onion.pet" always_nxdomain<br><br>What \
should I do , to allow those entries with higher precedence than \
blacklist.<br><br>BTW ; if you know a better way to achieve the same , please share \
with us !! <br>Thanks.</div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">El dom, 17 ene 2021 a las 17:48, Paul Vixie (<<a \
href="mailto:paul@redbarn.org" target="_blank">paul@redbarn.org</a>>) \
escribió:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br> <br>
Leandro Roggerone via Unbound-users wrote on 2021-01-14 06:30:<br>
> Hi guys.<br>
> Im trying to find without success how to create a whitelist to bypass<br>
> false positive domains listed on my blocklist.<br>
> <br>
> So far ... what I do is to remove false positives from blocklist.<br>
> This is not so effective since , I will need to do everytime I update my<br>
> lists.<br>
<br>
this is probably the last time i will answer a question that contains<br>
the word "blocklist". (i'm sure that comes as a relief to many!)<br>
<br>
> <br>
> Do you know how to implement whitelist ? <br>
<a href="https://tools.ietf.org/id/draft-vixie-dnsop-dns-rpz-00.html#rfc.section.3.3" \
rel="noreferrer" target="_blank">https://tools.ietf.org/id/draft-vixie-dnsop-dns-rpz-00.html#rfc.section.3.3</a><br>
<br>
-- <br>
Sent from Postbox<br>
<<a href="https://www.postbox-inc.com/?utm_source=email&utm_medium=siglink&utm_campaign=reach" \
rel="noreferrer" target="_blank">https://www.postbox-inc.com/?utm_source=email&utm_medium=siglink&utm_campaign=reach</a>><br>
</blockquote></div>
</blockquote></div>
["dns_blacklist.png" (image/png)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic