nanog mailing list archives

Re: blocklists Amazon AWS cloudfront WAF block


From: John Curran via NANOG <nanog () lists nanog org>
Date: Sun, 1 Jun 2025 11:30:07 -0400

Thanks, John – while cast in DNS-based lists, the RFC definitely includes quite a bit of best practice about blocklist
management in general.

You make an excellent point about the difficulty of running a useful blocklist; unlike some other areas of Internet
infrastructure (e.g., routing with routing table entries, route objects, etc. as visible artifacts), it’s nowhere near
as evident whether a blocklist is behaving appropriately – the list and/or individual entries may be visible,
but the information feeds that drive such listings are far more opaque.

It’s kind of a shame, because our track record for Internet infrastructure would suggest that public visibility
and transparency in an area tend to drive improvements in operational coordination – sometimes that’s the
result of Internet researchers studying the data and making suggestions, other times it’s industry joint initiatives
(e.g., MANRS), and worst case, it’s calling out the bad cases publicly; hard to do any of that given the murky
nature of blocklist management…

/John

On Jun 1, 2025, at 9:41 AM, John R. Levine <johnl () iecc com> wrote:

On Sun, 1 Jun 2025, John Curran wrote:

Out of curiosity, is there a reasonably clear document somewhere that describes how such network-level block
lists should be operated from the view of network operators; i.e., a “best practice” statement ...

Sort of.  See RFC 6471, Overview of Best Email DNS-Based List (DNSBL) Operational Practices.

Running a useful blocklist is very hard.  Everyone who's listed insists that it's a mistake.  Sometimes they have odd 
ideas of their responsibility ("we have no control over the customer, we just take their money and route their 
packets".)  Sometimes they are sure they are special so the regular rules don't apply.  Sometimes they are confused.  
Often they just lie.  Occasionally, there really is a mistake but recognizing it in the noise is not easy.

Regards,
John Levine, johnl () taugh com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/PM7BXG4K3GJJRFGEDT24WYZNFQ5M5Z4G/
