The "dnsbl" Module (v3)
Description
This module allows the server administrator to check the IP address of connecting users against a DNSBL. This is useful for preventing malicious hosts from connecting to the server.
Configuration
To load this module use the following <module> tag:
<module name="dnsbl">
<connect>
This module extends the core <connect> tags with the following fields:
| Name | Type | Default Value | Description |
|---|---|---|---|
| dnsbl | Text | None | Match users to this connect class by DNSBL name when using the MARK action. |
| usednsbl | Boolean | Yes | Whether users in this connect class should be looked up in a DNSBL. |
Example Usage
Disables DNSBL lookups for users in the WebChat class:
<connect name="WebChat"
...
usednsbl="no">
Matches users that have been marked by a configured DNSBL named Proxies to a ProxyUser class:
<connect name="ProxyUser"
...
dnsbl="Proxies">
<dnsbl>
The <dnsbl> tag defines a DNSBL to check connecting users against. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| action | Text | None | Required! The action to take against users who's IP address is in this DNSBL. |
| bitmask | Number | None | Required for the bitmask type! A bitmask of DNSBL result types to match against. |
| domain | Text | None | Required! The domain name of this DNSBL. |
| duration | Duration | 1m | If action is set to GLINE, KLINE, or ZLINE then the duration for an X-line to last for. |
| host | Text | None | If action is set to MARK then a new hostname to set on users who's IP address is in this DNSBL. |
| ident | Text | None | If action is set to MARK then a new username (ident) to set on users who's IP address is in this DNSBL. |
| name | Text | None | Required! The human readable name of this DNSBL. |
| reason | Text | Your IP has been blacklisted. | The message to send to users who's IP address is in a DNSBL. The template variable %ip% will be replaced with the IP address of the user. |
| records | No. Range | None | Required for the record type! A numeric range of DNSBL result types to match against. |
| timeout | Duration | Depends on <dns:timeout> | New in v3.10.0! The time period to wait for a response from this DNSBL. |
| type | Text | record | The type of result that this DNSBL will provide. |
The action field should be set to one of the following values:
| Value | Description |
|---|---|
| GLINE | G-line users who's IP address is in the DNSBL. |
| KILL | Kill users who's IP address is in the DNSBL. |
| KLINE | K-line users who's IP address is in the DNSBL. |
| MARK | Marks users who's IP address is in the DNSBL. |
| ZLINE | Z-line users who's IP address is in the DNSBL. |
The type field should be set to one of the following values:
| Value | Description |
|---|---|
| bitmask | DNSBL results will be compared against the bit mask specified in the bitmask field to see if the IP address in question is in a DNSBL. For example, 15 would match against DNSBL result types 1, 2, 4, and 8. |
| record | DNSBL results will be compared against a numeric range of values. For example, 1-3,4,5 would match all DNSBL result types between 1 and 5. |
Example Usage
DroneBL is a DNSBL for IRC networks:
<dnsbl name="DroneBL"
domain="dnsbl.dronebl.org"
type="record"
records="3,5,6,7,8,9,10,11,13,14,15,16,17,19"
action="ZLINE"
duration="7d"
reason="You are listed in DroneBL. Please visit https://dronebl.org/lookup.do?ip=%ip% for more information.">
EFnet RBL is a DNSBL of undesirable IP addresses detected by the EFnet IRC Network:
<dnsbl name="EFnet RBL"
domain="rbl.efnetrbl.org"
type="record"
records="1,2,3,4,5"
action="ZLINE"
duration="7d"
reason="You are listed in the EFnet RBL. Please visit https://rbl.efnetrbl.org/?i=%ip% for more information.">
torexit.dan.me.uk is a DNSBL of Tor exit nodes.
<dnsbl name="torexit.dan.me.uk"
domain="torexit.dan.me.uk"
type="record"
records="100"
timeout="10s"
action="ZLINE"
duration="7d"
reason="Tor exit nodes are not allowed on this network. See https://metrics.torproject.org/rs.html#search/%ip% for more information.">
Server Notice Masks
| Character | Description |
|---|---|
| d | Notifications about DNSBL hits on the local server. |
| D | Notifications about DNSBL hits on a remote server. |
Statistics
| Character | Description |
|---|---|
| d | Lists information about DNSBL hits and misses. |
Special Notes
If you are also using the cgiirc module you should disable DNSBL lookups for your WebIRC gateway.