Side effects of a DNS whitelist?
matthias at leisi.net
Sun Oct 29 17:36:22 UTC 2006
[Reply-To: set, since it seems to get off-topic for bind-users]
Merton Campbell Crockett wrote:
> Aside from the additional DNS queries needed to use your proposed
> service, what is the business case for me using your service?
> What does it provide that can't be achieved using IPFW, hosts, DNS,
> "tcpwrappers", and sendmail's access database?
The idea behind dnswl.org is that whitelisting data does not need to be
maintained manually; the collaborative work should reduce the effort for
those who chose to trust such a service.
Of course it's not a substitute for local whitelisting of important
services / partners etc., but it should help reduce the chance of false
positives without the need to locally maintain an exhaustive whitelist.
Having such an extended whitelist allows to do more "aggressive" spam
filtering without running an overly high risk of false positives.
Currently the data is only available through DNS, but additional
channels / formats are possible (eg as a sendmail access.db).
More information about the bind-users