Not logged in — Log In DroneBL
Using DroneBL: An overview
--------------------------

DroneBL only offers public access to its data in the form of a DNSBL. A
more robust lookup feature is available for security professionals with
an RPCKey via [RPC2 lookups](rpc2).  If you would like to propose
another format, we would enjoy your suggestions!  Please ask on
[IRC](irc://irc.dronebl.org/dronebl).

For more information, see the [FAQ](faq).


Using the DroneBL DNSBL service
-------------------------------

The DroneBL database is exported in the format of an [rbldnsd][rbldnsd]
compatible file. We then load this into various rbldnsd installations,
which are exported to the public internet via the `dnsbl.dronebl.org`
DNS zone.

  [rbldnsd]: http://www.corpit.ru/mjt/rbldnsd.html

You may use the DroneBL DNSBL service free of charge for both commercial
and non-commercial purposes. Some examples are listed below. However,
we ask that if you are using this service commercially that you contribute
to the ecosystem of the DroneBL in a positive way. There are many ways of
doing this (hosting a DNSBL mirror, working on the code, etcetera), read
the [FAQ](faq) for suggestions and procedures.


### How to perform a manual DNSBL lookup

   1. Take the client's IP address--say, `192.168.42.23` -- and reverse the bytes, yielding `23.42.168.192`.
   2. Append the DNSBL's domain name, resulting in: `23.42.168.192.dnsbl.dronebl.org`.
   3. Look up this name in the DNS as a domain name ("A" record).
      This will return either an address, indicating that the client is 
      listed; or an `NXDOMAIN` ("No such domain") code, indicating that the client is not.

Looking up an address in a DNSBL is thus similar to looking it up in reverse-DNS.
The differences are that a DNSBL lookup uses the "A" rather than "PTR" record type,
and uses a forward domain (such as `dnsbl.dronebl.org` above) rather than the special
reverse domain `in-addr.arpa`.

### charybdis 2.0 and later blacklist {}

If you add the following to your blacklist {} block, your charybdis server
will check DroneBL. As an example:

	blacklist {
	        host = "dnsbl.dronebl.org";
	        reject_reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup";
	};

### charybdis 2.2 and later blacklist {}

If you add the following to your blacklist {} block, your charybdis server
will check DroneBL. As an example:

	blacklist {
	        host = "dnsbl.dronebl.org";
	        reject_reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup?ip=${ip}";
	};

### InspIRCd

If you are using the `m_dnsbl.so` module, you can add this line to your configuration:

	<dnsbl name="DroneBL" domain="dnsbl.dronebl.org" action="ZLINE" reason="You are listed in DroneBL. Please visit http://dronebl.org/lookup?ip=%ip%" bitmask="253">

### BOPM/HOPM

BOPM/HOPM can be configured to check DroneBL too. Recent versions of BOPM/HOPM
contain an example configuration for doing so, and are pre-configured to
send new proxy reports to DroneBL as well.

	blacklist {
		name = "dnsbl.dronebl.org";
		type = "A record reply";
		reply {
			2 = "Sample";
			3 = "IRC Drone";
			5 = "Bottler";
			6 = "Unknown spambot or drone";
			7 = "DDOS Drone";
			8 = "SOCKS Proxy";
			9 = "HTTP Proxy";
			10 = "ProxyChain";
			11 = "Web Page Proxy";
			12 = "Open DNS Resolver";
			13 = "Brute force attackers";
			14 = "Open Wingate Proxy";
			15 = "Compromised router / gateway";
			16 = "Autorooting worms";
			17 = "Automatically determined botnet IPs (experimental)";
			18 = "DNS/MX type hostname detected on IRC";
			255 = "Unknown";
		};
		ban_unknown = no;
		kline = "PRIVMSG OperServ :akill add +3h *@%i You have a host listed in the DroneBL. For more information, visit https://dronebl.org/lookup?ip=%i&network=Network"; 
	};

For more information, visit the [BOPM website](https://github.com/blitzed-org/bopm) or [HOPM website](https://github.com/ircd-hybrid/hopm).

Note: In order to be able to report to DroneBL, you are required to have a RPC Key.

Change **dnsbl_from** to *your_rpckey@your_domain.tld* and set **dnsbl_to** to *bopm-report@dronebl.org*.

### Postfix

You can use *smtpd_recipient_restrictions* to restrict access via the DroneBL. This may prove advantageous in blocking SPAM due to the 
unique list of proxies and infected machines we have. To do so, add to your smtpd_recipient_restrictions:

	    reject_rbl_client dnsbl.dronebl.org

### hosts.deny: Using DroneBL as a firewalling measure

It is now possible to use DroneBL to help reduce attacks from inbound machines by
using [this script](/downloads/checkdnsbl.sh) and calling it from `hosts.deny`:

	    sshd : 10.0.0.0/24, 127.0.0.1 : allow
	    ALL : 192.168.0.0/32 : deny
	    ALL EXCEPT httpd : ALL : aclexec /usr/local/bin/checkdnsbl.sh %a

Thanks to rojo for the tip.
View Document