InspIRCd v4 is still early in development!
If you use this branch you may experience crashes, weird behaviour, and unannounced breaking changes.
You probably want to use InspIRCd v3 instead.
The "dnsbl" Module (v4)
Description
This module allows the server administrator to check the IP address of connecting users against a DNSBL. This is useful for preventing malicious hosts from connecting to the server.
Configuration
To load this module use the following <module> tag:
<module name="dnsbl">
<connect>
This module extends the core <connect> tags with the following fields:
| Name | Type | Default Value | Description |
|---|---|---|---|
| dnsbl | Text | None | Match users to this connect class by DNSBL name when using the mark action. |
| usednsbl | Boolean | Yes | Whether users in this connect class should be looked up in a DNSBL. |
Example Usage
Disables DNSBL lookups for users in the WebChat class:
<connect name="WebChat"
...
usednsbl="no">
Matches users that have been marked by a configured DNSBL named Proxies to a ProxyUser class:
<connect name="ProxyUser"
...
dnsbl="Proxies">
<dnsbl>
The <dnsbl> tag defines a DNSBL to check connecting users against. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| action | Text | None | Required! The action to take against users who's IP address is in this DNSBL. |
| bitmask | Number | None | Required for the bitmask type! A bitmask of DNSBL result types to match against. |
| domain | Text | None | Required! The domain name of this DNSBL. |
| duration | Duration | 1m | If action is set to gline, kline, or zline then the duration for an X-line to last for. |
| host | Text | None | If action is set to mark then a new hostname to set on users who's IP address is in this DNSBL. |
| ident | Text | None | If action is set to mark then a new username (ident) to set on users who's IP address is in this DNSBL. |
| name | Text | None | Required! The human readable name of this DNSBL. |
| reason | Text | Your IP (%ip%) has been blacklisted by the %dnsbl% DNSBL. | The message to send to users who's IP address is in a DNSBL. |
| records | No. Range | None | Required for the record type! A numeric range of DNSBL result types to match against. |
| timeout | Duration | Depends on <dns:timeout> | The time period to wait for a response from this DNSBL. |
| type | Text | record | The type of result that this DNSBL will provide. |
The action field should be set to one of the following values:
| Value | Description |
|---|---|
| gline | G-line users who's IP address is in the DNSBL. |
| kill | Kill users who's IP address is in the DNSBL. |
| kline | K-line users who's IP address is in the DNSBL. |
| mark | Marks users who's IP address is in the DNSBL. |
| zline | Z-line users who's IP address is in the DNSBL. |
The reason field can contain any of the following template variables:
| Variable | Description |
|---|---|
| %dnsbl% | The name of the DNSBL (from <dnsbl:name>) |
| %ip% | The IP address of the user. |
| %result% | The record type returned by the DNSBL. |
The type field should be set to one of the following values:
| Value | Description |
|---|---|
| bitmask | DNSBL results will be compared against the bit mask specified in the bitmask field to see if the IP address in question is in a DNSBL. For example, 15 would match against DNSBL result types 1, 2, 4, and 8. |
| record | DNSBL results will be compared against a numeric range of values. For example, 1-3,4,5 would match all DNSBL result types between 1 and 5. |
Example Usage
DroneBL is a DNSBL for IRC networks:
<dnsbl name="DroneBL"
domain="dnsbl.dronebl.org"
type="record"
records="3,5,6,7,8,9,10,11,13,14,15,16,17,19"
action="zline"
duration="7d"
reason="You are listed in DroneBL. Please visit https://dronebl.org/lookup.do?ip=%ip% for more information.">
EFnet RBL is a DNSBL of undesirable IP addresses detected by the EFnet IRC Network:
<dnsbl name="EFnet RBL"
domain="rbl.efnetrbl.org"
type="record"
records="1,2,3,4,5"
action="zline"
duration="7d"
reason="You are listed in the EFnet RBL. Please visit https://rbl.efnetrbl.org/?i=%ip% for more information.">
torexit.dan.me.uk is a DNSBL of Tor exit nodes.
<dnsbl name="torexit.dan.me.uk"
domain="torexit.dan.me.uk"
type="record"
records="100"
timeout="10s"
action="zline"
duration="7d"
reason="Tor exit nodes are not allowed on this network. See https://metrics.torproject.org/rs.html#search/%ip% for more information.">
Server Notice Masks
| Character | Description |
|---|---|
| d | Notifications about DNSBL hits on the local server. |
| D | Notifications about DNSBL hits on a remote server. |
Statistics
| Character | Description |
|---|---|
| d | Lists information about DNSBL hits and misses. |
Special Notes
If you are also using the gateway module you should disable DNSBL lookups for your WebIRC gateway.