DNSBL - Domain Name System Realtime block list Lookup (aka drool)
    use DNSBL;
    $dnsbl = new DNSBL();
    $result = $dnsbl->checkIP(@array);
    if (defined($result)) {
        exit $result;
    } else {
        exit 255;
    }
    $dnsbl->clearRBL();
    $dnsbl->addRBL(@array);
    $dnsbl->lastStats(\%stats);
    $cnt = $dnsbl->RBLCount();
    $dnsbl->getALLRBLHash(\%hash);
    $dnsbl->getALLRBLArray(\@array);
    $dnsbl->getRBLHash(\%hash);
    $dnsbl->getRBLArray(\@array);
    $dnsbl->getRBLGroups(\@array);
DNSBL is a utility for checking for the existence of IP addresses in a user selectable / specifiable group of realtime block databases.
These "DNS BL" (aka DNS RBL) databases are most widely used for protecting mail systems from unwanted mail by providing information about the IP address in question. The information can vary: which country the IP address resides in; which ISP has been allocated the IP address; information about the configuration (or in most cases, the misconfiguration) of a mail server; indications that spam is known to have been sent from the IP address; and / or many other types of information that the internet community finds handy to be able to get their hands on.
Quite a few of these lists exist, and oftentimes one would like to discover what is being said about a particular IP address. Several websites let you check an address against whichever lists the administrators of the site have chosen, and there are programs which will check against a list of known lists (some of which also allow you to specify additional lists to check).
I wanted something that did a combination of what was currently available, and so I put together DNSBL. It is intended to be quick, customizable and able to be used from the command line or as part of a suite of web tools (which I am working on).
Usage of DNSBL is fairly straightforward.
To set up a new instance, call the new method, which returns a DNSBL object.
    $rbl = new DNSBL ();
    $rbl = new DNSBL (
        type       => 'texturl',
        listed     => 1,
        notlisted  => 0,
        quiet      => 0,
        quit1stpos => 0,
        showtxt    => 1,
        timeout    => 5,
    );
new accepts the following named parameters in %params:
What type of output should be provided. Currently the following are configured:
    type           description
    -------------  -----------------------------------------------
    text           basic text only output
    texturl        basic text only output with DNS BL url if known
    html           basic html output
    htmlurl        basic html output with DNS BL url if known
    htmltables     html table output
    htmltablesurl  html table output with DNS BL url if known
This defaults to text.
How long you want to wait, in seconds, for lookups to return. The timeout setting does not mean that all of the lookups together will only take that long to run; rather, once the timeout has been exceeded, further lookups against that DNS BL are stopped.
The timeout is used to prevent long delays when checking against servers that may be slow in responding and hold up the rest of the processing.
This defaults to 10 seconds.
What language the output should be displayed in. Currently only English is provided, but it is set up to easily handle multiple languages. Being linguistically challenged, I am unable to provide translations into other languages.
If you are able to provide translations, please contact me and I will add them to the main distribution.
This defaults to en.
To display output or not to display. Defaults to showing messages as things happen, but if you would like it to return just the status of the checks, set quiet to 1.
This overrides the showlisted and shownotlisted parameters.
This defaults to 0 (false; not quiet).
To display the TXT record and returned value of the lookup. Currently only the returned value is displayed. A future version will provide the result of querying against the TXT record on positive matches.
This defaults to 0 (false; don't display TXT results).
Should we display results that are listed in the DNS BL? If false, information will not be displayed if the IP address is listed.
This defaults to 1 (true; display information if the address is listed).
Should we display results when not listed in the DNS BL? If false, information will not be displayed if the IP address is not listed.
This is handy if you just want to know which lists a particular IP address is listed in (especially when checking against a large number of DNS BLs).
This defaults to 1 (true; display information if the address is not listed).
If the entry to look up is specified as a hostname or as an integer IP address, should we translate it (if possible) into dotted quad format for lookups?
If false, hostname entries and integer entries are discarded.
This defaults to 1 (true; hostname / integers translated into dotted quad format for processing).
Should we quit at the first opportunity after the first occurrence of an IP address being listed?
I don't have as good of a control over the child processes as I'd like, so even after the first positive result, some lookups still happen.
This defaults to 0 (false; check against all DNS BLs).
Should we include lists that require payment to be able to use?
This defaults to 0 (false; don't include pay for use DNS BLs).
Checks the specified IPs against the list of selected DNS BLs. IPs can be provided in dotted quad format (209.104.63.56), or if translate is turned on, as a hostname (mail.example.com) or as an integer IP (3513270072).
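The three input forms described above, and the DNS name a block list is actually queried with, as an added example (not code from DNSBL.pm). The reversed-octet query name is the usual DNSBL convention (RFC 5782); `to_dotted_quad`, `dnsbl_query_name` and the resolver hook are hypothetical names, and the module's own translation rules may differ.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa);

# One octet, no leading zeros (avoids the octal/decimal ambiguity of "04").
my $OCTET = qr/(?:0|[1-9]\d{0,2})/;

# Return a dotted quad for $entry, or undef if the entry must be discarded.
# $resolve is a hypothetical hook so the sample below runs without DNS.
sub to_dotted_quad {
    my ($entry, $translate, $resolve) = @_;
    if (my @o = $entry =~ /^($OCTET)\.($OCTET)\.($OCTET)\.($OCTET)$/) {
        return (grep { $_ > 255 } @o) ? undef : join '.', @o;
    }
    return undef unless $translate;      # translate off: discard everything else
    if ($entry =~ /^\d{1,10}$/) {        # integer IP, e.g. 3513270072
        return $entry <= 0xFFFFFFFF
            ? join('.', unpack 'C4', pack 'N', $entry)
            : undef;
    }
    # Hostname shape: must contain a letter, so "127.0.04" is not resolved.
    return undef unless $entry =~ /^(?=.*[a-z])[a-z0-9.-]+$/i;
    $resolve ||= sub { my $p = inet_aton($_[0]); $p ? inet_ntoa($p) : undef };
    return $resolve->($entry);
}

# 209.104.63.56 checked against zone Z is a lookup of 56.63.104.209.Z
sub dnsbl_query_name {
    my ($ip, $zone) = @_;
    return join '.', reverse(split /\./, $ip), $zone;
}

my @zones    = ('ipwhois.rfc-ignorant.org', 'af.countries.nerd.dk');  # zones named on this page
my @targets  = ('209.104.63.56', '3513270072', 'mail.example.com',
                '127.0.04', '300.1.1.1');                             # constructed sample input
my %fake_dns = ('mail.example.com' => '192.0.2.25');                  # constructed, stands in for DNS

for my $t (@targets) {
    my $ip = to_dotted_quad($t, 1, sub { $fake_dns{ $_[0] } });
    unless (defined $ip) { print "$t: discarded\n"; next }
    print "$t -> ", dnsbl_query_name($ip, $_), "\n" for @zones;
}
```

No DNS traffic is generated; the script only prints the names that would be queried, and malformed entries are discarded rather than guessed at.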
Populates the hash reference with the statistics from the last run of checkIP.
The structure of the hash is:
    $stats{rbl}{<rbl hostname>}{<notlisted|checked|listed>}
    $stats{ip}{<ip address>}{<notlisted|checked|listed>}
    $stats{totals}{rbl}{<notlisted|checked|listed>}
    $stats{totals}{ip}{<notlisted|checked|listed>}
For example, after executing:
    $dnsbl->clearRBL();
    $dnsbl->addRBL('ipwhois.rfc-ignorant.org', 'af.countries.nerd.dk');
    my $check = $dnsbl->checkIP('127.0.0.2', '127.0.0.4');
    my %stats = ();
    $dnsbl->lastStats(\%stats);
The variable %stats will contain something like:
    $stats{rbl}{'ipwhois.rfc-ignorant.org'}{listed} = 1
    $stats{rbl}{'ipwhois.rfc-ignorant.org'}{notlisted} = 1
    $stats{rbl}{'ipwhois.rfc-ignorant.org'}{checked} = 2
    $stats{rbl}{'af.countries.nerd.dk'}{notlisted} = 2
    $stats{rbl}{'af.countries.nerd.dk'}{checked} = 2
    $stats{totals}{rbl}{listed} = 1
    $stats{totals}{rbl}{notlisted} = 1
    $stats{totals}{rbl}{checked} = 2
    $stats{ip}{'127.0.0.2'}{listed} = 1
    $stats{ip}{'127.0.0.2'}{notlisted} = 1
    $stats{ip}{'127.0.0.2'}{checked} = 2
    $stats{ip}{'127.0.0.4'}{notlisted} = 2
    $stats{ip}{'127.0.0.4'}{checked} = 2
    $stats{totals}{ip}{listed} = 1
    $stats{totals}{ip}{notlisted} = 1
    $stats{totals}{ip}{checked} = 2
Clear the currently specified list of DNS BL to check. If you want to specify your own list (and not use the base list), you'll need to run this to start from a null list.
Add the specified block list databases to the set of DNS BL queried. Specified block list does not have to be one that is already known (though in that case, the url will not be available).
A DNS BL "group" can be specified by prepending a tilde (~) to the group name.
Currently (2002-09-10) available "groups" include (but are not limited to):
    group           description
    --------------  ---------------------------------------------
    base            base (default list used)
    baseplus        adds a couple more common DNS BLs
    dialup          lists which indicate if the IP is in a dialup pool
    dsbl.org        lists provided by dsbl.org
    mail-abuse.org  lists provided by mail-abuse.org (commercial)
    osirusoft.com   lists provided by relays.osirusoft.com
    pay             commercial (pay for use) lists
    relay           lists which indicate IPs with open relays
    spam            lists which people have received spam from
For example, the following will add two DNS BLs (af.countries.nerd.dk and ipwhois.rfc-ignorant.org) and all BLs in the dialup group:
    $dnsbl->addRBL('ipwhois.rfc-ignorant.org',
                   '~dialup',
                   'af.countries.nerd.dk');
Set the currently specified list of DNS BL to check to the default. This is the same as running:
    $dnsbl->clearRBL();
    $dnsbl->addRBL('~base');
Returns a count (integer) of the DNS BL currently specified to check.
For example, after running the below, $cnt would equal 2.
    $dnsbl->clearRBL();
    $dnsbl->addRBL('ipwhois.rfc-ignorant.org', 'af.countries.nerd.dk');
    my $cnt = $dnsbl->RBLCount();
Populates the variable references with information on all known DNS BLs.
$dnsbl->getALLRBLHash(\%hash) provides all known information in the same structure as "stored" in the main list.
$dnsbl->getALLRBLArray(\@array) returns just an array of DNS BL hostnames.
Populates the variable references with information on DNS BLs currently selected to be checked.
$dnsbl->getRBLHash(\%hash) provides all known information in the same structure as "stored" in the main list.
$dnsbl->getRBLArray(\@array) returns just an array of DNS BL hostnames.
Populates the variable reference with the listing of all known DNS BL groups.
For samples/tutorials, take a look at the accompanying programs in samples/ in the distribution directory.
<dnsbl> is a command line program which attempts to emulate
Edward S. Marshall's rblcheck (http://rblcheck.sourceforge.net/)
program using the Net::DNSBL package.
<dnsbl.pl> is a simple program to test the base functionality
of the package. (I wrote it while creating the package for testing.)
<dnsbl.cgi> is a CGI which is the beginnings of a web based
interface. It requires html.inc and templates.inc (also in the
samples directory).
If you have any questions, code samples, bug reports, or feedback, please email them to:
dnsbl@the42.net
PJ Goodwin, pj@the42.net
Copyright 2002 PJ Goodwin. All rights reserved.
This program is free software; you may redistribute it and/or modify it under the same terms as Perl itself.