Side effects of a DNS whitelist?

Matthias Leisi matthias at
Sun Oct 29 17:36:22 UTC 2006

[Reply-To: set, since it seems to get off-topic for bind-users]

Merton Campbell Crockett wrote:

> Aside from the additional DNS queries needed to use your proposed
> service, what is the business case for me using your service?
> What does it provide that can't be achieved using IPFW, hosts, DNS,
> "tcpwrappers", and sendmail's access database?

The idea behind it is that whitelisting data does not need to be
maintained manually; the collaborative work should reduce the effort for
those who chose to trust such a service.

Of course it's not a substitute for local whitelisting of important
services / partners etc., but it should help reduce the chance of false
positives without the need to locally maintain an exhaustive whitelist.

Having such an extended whitelist allows one to do more "aggressive" spam
filtering without running an overly high risk of false positives.

Currently the data is only available through DNS, but additional
channels / formats are possible (e.g. as a sendmail access.db).

-- Matthias

