[rbldnsd] rbldnsd setup and domain hoster

Skull skull at skullkrusher.net
Thu Nov 30 12:38:15 MSK 2006


Monk wrote:
> Exactly, I was talking about Fastweb but we have a different view on
> what to block. As we are using dnsbls for irc purposes and have a large
> Italian user base, blocking one of their ISPs is not practicable for us.

It may become a question of choices: Fastweb abuse desk is something
similar to a blackhole, so abusive users are not disconnected, and being
all behind a NAT there is no simple way to distinguish them.

This same problem is being discussed in the it Usenet hierarchy due to
the same problems, and blocking feeds coming from Fastweb NATted IP
space is one of the proposals (imposing moderation is another one), since
FW is completely unresponsive...


On the other side, Fastweb architecture makes its clients virtually
unreachable from the rest of the internet (except for complex things
like tunnels of some sort), so that, if a FW customer runs an open
proxy, it could be reachable only by other FW customers (since they're on
the same NATted internal network).

So I think the solution depends on what you're expecting to leave out
from your servers:

- if your will is to prevent abused machines from connecting to your IRC
servers and using them as a control channel, or any other sort of thing,
you've no simple way to manage FW's customers: you have to block them
all or permit them all

- if you want to prevent users coming from an open proxy from hiding
themselves, then you could also whitelist the whole bunch of addresses
Fastweb uses for residential NAT (a good resource tracking them is here,
but in Italian only: http://plany.fasthosting.it/)


Anyway, I think this is not the right place for this discussion.

