Votes:
Is there a list of blacklist servers available that I can use with the IP on DNS Blacklist sensor?
Created on Jun 20, 2012 9:30:43 AM by
Last change on May 17, 2019 12:28:06 PM by
12 Replies
Votes:
This article applies as of PRTG 22
By default, the IP on DNS Blacklist sensor checks some default blacklist servers. You can add additional servers as a comma-separated list. See the links below for more servers.
With each scanning interval, the IP on DNS Blacklist sensor queries all servers that you entered in the sensor settings. In our tests, 50 blacklist servers with a 5-minute scanning interval worked fine. Values in your network may vary, depending on the connection speed and availability of servers.
We recommend that you do not enter more than 10 servers to make sure that the sensor can complete the check within its scanning interval.
If you use too many blacklist servers, the sensor shows this error message:
Your request has timed out. Depending on the sensor type you use, the reason might be that the sensor could not connect to the target host or that a PowerShell command takes too long to execute. For more information, see https://kb.paessler.com/en/topic/71899 or https://kb.paessler.com/en/topic/37633. (code: PE018)
Note: As of PRTG 15.2.17, the IP on DNS Blacklist sensor follows RFC 5782, where IPv4-based DNSxLs (blacklists and whitelists) must contain an entry for 127.0.0.2 for testing purposes. In previous versions, the sensor did not check this, which provided a false sense of security when using nonexisting (or no longer existing) DNS blacklist servers that always report that the IP address is not listed.
Created on Jun 20, 2012 9:37:22 AM by
Last change on Jan 3, 2023 7:54:29 AM by
Votes:
Many of the servers on that external list are now generating errors as per the note above. This is the edited list of servers from http://dnsbllookup.com/ which currently work ok with PRTG.
access.redhawk.org,all.s5h.net,all.spamrats.com,b.barracudacentral.org,bl.blocklist.de,bl.mailspike.org,bl.score.senderscore.com,bl.spamcop.net,bl.spameatingmonkey.net,cidr.bl.mcafee.com,db.wpbl.info,dnsbl-1.uceprotect.net,dnsbl-2.uceprotect.net,dnsbl-3.uceprotect.net,dnsbl.dronebl.org,dnsbl.justspam.org,dnsbl.kempt.net,dnsbl.sorbs.net,ips.backscatterer.org,ix.dnsbl.manitu.net,korea.services.net,mail-abuse.blacklist.jippg.org,psbl.surriel.com,spam.dnsbl.sorbs.net,spam.pedantic.org,spamsources.fabel.dk,tor.dan.me.uk,truncate.gbudb.net,ubl.unsubscore.co
Last change on Apr 14, 2020 10:27:25 AM by
Votes:
@Stephan: The sensor will check the IP/DNS record of it's parent device against the blacklists. So the parent device must have an IP/DNS name which is reachable from the internet.
Best regards
Created on Jun 24, 2016 12:04:47 PM by
Votes:
Why does the sensor check the parent's IP ? Wouldn't be easier to scan a provided IP ?
According to this thread we should be able adding a provided line specifying IP and BL:
IPonDNSBL I suppose this is the sensor "IP on DNS blacklist" but I could not find a field for this line. Is there an old content?
| Enter one or more blacklist servers to query. If you define several blacklist servers, separate the individual entries with commas and no spaces in between. Default is bl.spamcop.net. Further Help (Manual) |
Thank you.
Last change on Nov 26, 2018 6:03:15 AM by
Votes:
Hi there,
The sensor uses the parents device IP/DNS name and queries this against the provided blacklist server or the provided list of blacklist servers.
Or do you want the sensor to have its own "Target IP/DNS name" field and the "Blacklist Servers" field?
Best regards.
Created on May 15, 2017 8:22:38 AM by
Votes:
| the sensor to have its own "Target IP/DNS name" field and the "Blacklist Servers" field? |
YES
Finally my question is where should I insert this string ?
| IPonDNSBL -ip=mail.paessler.com [-bl=bl.spamcop.net] |
Last change on Nov 26, 2018 6:03:34 AM by
Votes:
Hi there,
I am afraid that we won't change this as almost all sensors are using the parent devices IP/DNS name, sorry.
To use the exe by yourself, simply provide the parameters "-ip" is the parameter for the IP/DNS name that has to be checked against the blacklist servers. The "-bl" server is for the blacklist server or the multiple blacklist servers.
Best regards.
Created on May 15, 2017 9:25:17 AM by
Votes:
Sure I understand that you won't change.
"To use the exe by yourself" What exe are we talking about ? Is it a exe behind the sensor ??
I can't see explaination about this here
I'm affraid I don't understand, what exactly PRTG provide to monitor for example our IPs for MX, SMTP. I'm confused because of these two links which explain different approach.
Because I monitor our Exchange server with a local IP. So I would have to add a "fake" device with the external IP and so on with all our IPs ?
Last change on Nov 26, 2018 6:04:03 AM by
Votes:
Hi there,
Well you have to provide the paramters "-ip" and "-bl" if you want to use the EXE behind the sensor, correct (ProgramDir\Sensor System).
As we have already explained, PRTG uses the IP or DNS Name of the parent device where the sensor is added to. The blacklist servers that are contacted are submitted via the sensor settings:
So if you want to check multiple WAN IPs against the blacklist servers, then you have to add a device for each IP and a sensor to each device.
Best regards.
Created on May 15, 2017 8:55:52 PM by
Votes:
Hi there,
The sensor is actually provided by PRTG-Tools-Family, so you could also get the sensor there.
To use the sensor as a custom EXE, just copy it to "C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXE" and add a "EXE/Script" Sensor within PRTG. In the sensor settings you can provide the parameter as following:
| -ip=127.0.0.1 -bl=blacklist.server |
Afterwards add the channel limit to the created channel by setting "Upper Error Limit" to "0" in the channel settings.
Best regards.
Created on May 16, 2017 7:16:52 PM by
Add comment