Documentation
Overview
Package dnsbl implements DNS block lists (RFC 5782), for checking incoming messages from sources without reputation.
A DNS block list contains IP addresses that should be blocked. The DNSBL is queried using DNS "A" lookups. The DNSBL starts at a "zone", e.g. "dnsbl.example". To look up whether an IP address is listed, a DNS name is composed from the address in reverse order followed by the zone: for 10.11.12.13, that name would be "13.12.11.10.dnsbl.example". If the lookup returns "record does not exist", the IP is not listed. If an IP address is returned, the IP is listed. If an IP is listed, an additional TXT lookup is done for more information about the block. IPv6 addresses are also looked up with a DNS "A" lookup of a name built like the IPv4 one, but with each 4-bit nibble written as one hexadecimal character, dot-separated, in reverse order.
The health of a DNSBL "zone" can be checked through a lookup of 127.0.0.1 (must not be present) and 127.0.0.2 (must be present).
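The name composition described above, including the two health-check addresses, as an added example that is not code from package dnsbl: `queryName` is a hypothetical helper, the addresses are constructed samples, and "dnsbl.example" is the placeholder zone from the text. Treating IPv4-mapped IPv6 addresses as IPv4 is an assumption of this example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

// queryName is a hypothetical helper (not part of package dnsbl). It builds
// the DNS name for an "A" lookup of ip in the DNSBL zone.
func queryName(ip net.IP, zone string) (string, error) {
	zone = strings.TrimSuffix(zone, ".")
	if ip4 := ip.To4(); ip4 != nil {
		// IPv4 (and IPv4-mapped IPv6, by assumption): decimal octets, reversed.
		return fmt.Sprintf("%d.%d.%d.%d.%s", ip4[3], ip4[2], ip4[1], ip4[0], zone), nil
	}
	ip16 := ip.To16()
	if ip16 == nil {
		return "", errors.New("invalid IP address")
	}
	// IPv6: all 32 nibbles as single hex characters, last nibble first.
	const hexdigits = "0123456789abcdef"
	var b strings.Builder
	for i := len(ip16) - 1; i >= 0; i-- {
		b.WriteByte(hexdigits[ip16[i]&0x0f]) // Low nibble comes first when reversed.
		b.WriteByte('.')
		b.WriteByte(hexdigits[ip16[i]>>4])
		b.WriteByte('.')
	}
	b.WriteString(zone)
	return b.String(), nil
}

func main() {
	// Constructed sample addresses; 127.0.0.1 and 127.0.0.2 are the health-check entries.
	samples := []string{"10.11.12.13", "2001:db8:1:2:3:4:567:89ab", "127.0.0.1", "127.0.0.2", "bogus"}
	for _, s := range samples {
		name, err := queryName(net.ParseIP(s), "dnsbl.example")
		if err != nil {
			fmt.Printf("%s: %v\n", s, err)
			continue
		}
		fmt.Printf("%s -> %s\n", s, name)
	}
}
```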
Variables
var ErrDNS = errors.New("dnsbl: dns error") // Temporary error.
var (
	MetricLookup stub.HistogramVec = stub.HistogramVecIgnore{}
)
Functions
func CheckHealth
func CheckHealth(ctx context.Context, elog *slog.Logger, resolver dns.Resolver, zone dns.Domain) (rerr error)
CheckHealth checks whether the DNSBL "zone" is operating correctly by querying for 127.0.0.2 (must be present) and 127.0.0.1 (must not be present). Users of a DNSBL should periodically check if the DNSBL is still operating properly. For temporary errors, ErrDNS is returned.
Types
type Status
type Status string
Status is the result of a DNSBL lookup.
func Lookup
func Lookup(ctx context.Context, elog *slog.Logger, resolver dns.Resolver, zone dns.Domain, ip net.IP) (rstatus Status, rexplanation string, rerr error)
Lookup checks if "ip" occurs in the DNS block list "zone" (e.g. dnsbl.example.org).
Example
package main

import (
	"context"
	"log"
	"log/slog"
	"net"

	"github.com/mjl-/mox/dns"
	"github.com/mjl-/mox/dnsbl"
)

func main() {
	ctx := context.Background()
	resolver := dns.StrictResolver{}

	// Lookup if ip 127.0.0.2 is in spamhaus blocklist at zone sbl.spamhaus.org.
	status, explanation, err := dnsbl.Lookup(ctx, slog.Default(), resolver, dns.Domain{ASCII: "sbl.spamhaus.org"}, net.ParseIP("127.0.0.2"))
	if err != nil {
		log.Fatalf("dnsbl lookup: %v", err)
	}
	switch status {
	case dnsbl.StatusTemperr:
		log.Printf("dnsbl lookup, temporary dns error: %v", err)
	case dnsbl.StatusPass:
		log.Printf("dnsbl lookup, ip not listed")
	case dnsbl.StatusFail:
		log.Printf("dnsbl lookup, ip listed: %s", explanation)
	}
}