pfBlockerNG - DNSBL TLDs -- White list?



  • Am I reading the info blocks correctly? It doesn't look like there's a way to use a "blacklist TLDs by default" model?

    For example: if I want to whitelist .com, .net, .org, .edu (etc.) -- and by default block any other TLDs, and then run any additional domains through the normal DNSBL feeds, is that possible? (e.g. terrible.com would still be blocked by feeds).

    If I'm understanding things correctly, it looks like the TLD blacklist is always computed based on the feeds? Or am I confused?


  • Moderator

    @boobletins

    DNSBL doesn't have that functionality to whitelist some TLDs (com, net, etc.) and blacklist the other TLDs. It's the reverse.

    What the TLD Blacklist does is block whole TLDs like "ru" or "cn" or "pw" that you manually enter.

    Lists of worst TLDs:
    https://www.spamhaus.org/statistics/tlds/
    http://toolbar.netcraft.com/stats/tlds

    The TLD Whitelist is used to allow specific domains through the TLD Blacklist. So if you are blocking the "ru" TLD, you could add "rambler.ru" to the TLD Whitelist to allow that specific domain to bypass DNSBL.



  • Ah, yes, that's what I was understanding.

    I don't know if anyone else would be interested, but I would certainly use TLD blocking with the alternate model (blacklist by default, whitelist desired TLDs, and then process exceptions to the whitelist by adding in specifically blacklisted domains).

    Generally, I think that would give me a more maintainable list. I assume most of the newer .tlds are junk (at this point in time, anyway). Rather than trying to keep up with that list, I'd rather have the option to define the list of known good (and most widely used), and go from there.

    Anyway -- just a thought for the future -- maybe others would use that as well.

    The package is great, thanks for all of the work!
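
The two models discussed in this thread, side by side, as an added Python sketch that is not pfBlockerNG code: the existing TLD Blacklist/TLD Whitelist behaviour as the moderator describes it, and the default-deny variant the original poster asks for. The function names, the sample lists, and the assumption that whitelist and feed entries also cover their subdomains are all illustrative.

```python
# Added illustration: a model of the two policies discussed in the thread,
# not pfBlockerNG's implementation. All list contents are constructed samples.

def labels(name):
    """Normalise a DNS name to lowercase labels, dropping a trailing root dot."""
    return name.rstrip(".").lower().split(".")

def in_zone(name, zone):
    """True if name equals zone or is a subdomain of it.
    Compares whole labels, so 'notrambler.ru' does not match 'rambler.ru'."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[-len(z):] == z

def matches_any(name, zones):
    return any(in_zone(name, z) for z in zones)

def current_model(name, tld_blacklist, tld_whitelist, feed_domains):
    """Existing behaviour as described in the thread: manually listed TLDs are
    blocked wholesale, TLD Whitelist entries bypass DNSBL, feeds block domains.
    Assumption: whitelist and feed entries also cover their subdomains."""
    if matches_any(name, tld_whitelist):
        return "allow"
    if labels(name)[-1] in tld_blacklist or matches_any(name, feed_domains):
        return "block"
    return "allow"  # any TLD nobody listed resolves normally

def default_deny_model(name, allowed_tlds, feed_domains):
    """Requested behaviour: only listed TLDs resolve at all, and feed entries
    still block individual domains inside those TLDs."""
    if labels(name)[-1] not in allowed_tlds:
        return "block"
    return "block" if matches_any(name, feed_domains) else "allow"

# Constructed sample policy data
TLD_BLACKLIST = {"ru", "cn", "pw"}
TLD_WHITELIST = {"rambler.ru"}
ALLOWED_TLDS = {"com", "net", "org", "edu"}
FEEDS = {"terrible.com"}

if __name__ == "__main__":
    for q in ("mail.rambler.ru", "notrambler.ru", "example.xyz", "Terrible.COM."):
        print(f"{q:18} current={current_model(q, TLD_BLACKLIST, TLD_WHITELIST, FEEDS):5} "
              f"default-deny={default_deny_model(q, ALLOWED_TLDS, FEEDS)}")
```

The practical difference shows up on a TLD nobody has listed: `example.xyz` resolves under the existing model and is blocked under the default-deny one.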