In article <20180102170409.GA5619@gsp.org> you write:
On Tue, Jan 02, 2018 at 04:46:02PM +0000, Mel Beckman quoted:
"rbl.iprange.net will mark every ip address as listed to force removal of this server."
Apparently they didn't read section 3.4 of RFC 6471:
I agree that listing the world is a bad idea but I feel their pain, having a few DNSBL-like things here that are hammered on at great length by broken clients. If you want the traffic to go away, what do you do? I run a little DNS server at contacts.abuse.net that provides abuse contact information in TXT records. For reasons I can only imagine, a few hosts hammer on them like crazy (one seems to have the goal of looking up every 2ld in the .at domain) which is a pain. So I've started doing nameserver poisoining. If one of those annoying hosts asks for, say, foo.bar.contacts.abuse.net which is how you ask for the contacts for domain foo.bar, it returns bar.contacts.abuse.net. NS 604800 abcde.n.contacts.abuse.net. ... bar.contacts.abuse.net. NS 604800 qwert.n.contacts.abuse.net. with 12 fake NS records with randomish hostnames. Then when they do A or AAAA lookups for those host names, I send back a couple of dozen fake A or AAAA records. In my experience that makes them go away pretty fast, with only the occasional revisit when they want something in an obscure TLD that I haven't poisoned yet. This is all written in perl, which turned out to be pretty easy, and not using Net::DNS or anything like that, either. I suppose if I wanted to do this on behalf of a normal nameserver I could use some packet filters to divert traffic from annoying hosts to the poison server. R's, John