Is there a list of blacklist servers available that I can use with the IP on DNS Blacklist sensor?
This article applies to PRTG Network Monitor 19 or later
IP on DNS blacklist servers
By default, the IP on DNS Blacklist sensor checks some default blacklist servers. You can also enter any other servers as a comma-separated list.
To help you find some servers, see the link below.
Use with care
With each scanning interval, the IP on DNS Blacklist sensor queries all servers that you entered in the sensor settings! In our tests, 50 blacklist servers with a 5-minute scanning interval worked fine. Values in your network may vary, depending on the connection speed and availability of servers.
We recommend that you do not enter more than 10 servers to make sure the check can be completed within the scanning interval of the sensor.
If you use too many blacklist servers, the sensor will show an error message:
Your request has timed out. Depending on the sensor type you use, the reason might be that the sensor could not connect to the target host or that a PowerShell command takes too long to execute. For more information, see https://kb.paessler.com/en/topic/71899 or https://kb.paessler.com/en/topic/37633. (code: PE018)
List of blacklist servers
For a list of other blacklist servers, see for example:
Note that you will have to pick some of them and put them together in a comma-separated list (without spaces in between).
Note: As of PRTG version 15.2.17, the IP on DNS Blacklist sensor follows RFC 5782, where IPv4-based DNSxLs (blacklists and whitelists) must contain an entry for 127.0.0.2 for testing purposes. In previous versions, the sensor did not check this, which provided a false sense of security when using non- (or no longer) existing DNS blacklist servers that always report that the IP is not listed.
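The RFC 5782 check described in the note above, as an added example (not PRTG's code and not part of the original article): a zone is trusted only if it lists the test address 127.0.0.2 and does not list 127.0.0.1. The function names, the example.test zones and the fake DNS table are assumptions constructed for illustration.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """RFC 5782 query name: reversed IPv4 octets followed by the blacklist zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records for name via the OS resolver; [] on any lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_ip(ip, zones, resolve=system_resolver):
    """Map each zone to 'listed', 'not listed' or an 'error: ...' string."""
    results = {}
    for zone in zones:
        # Test points from RFC 5782: 127.0.0.2 must be listed, 127.0.0.1 must not.
        if not resolve(dnsbl_name("127.0.0.2", zone)):
            # Dead or non-DNSBL zone: a plain lookup would look like "not listed".
            results[zone] = "error: no entry for 127.0.0.2"
        elif resolve(dnsbl_name("127.0.0.1", zone)):
            # Zone answers for everything (e.g. a parked domain with a wildcard).
            results[zone] = "error: entry for 127.0.0.1"
        else:
            results[zone] = "listed" if resolve(dnsbl_name(ip, zone)) else "not listed"
    return results

# Constructed sample data (not real blacklist content) so the example runs offline.
FAKE_DNS = {
    "2.0.0.127.bl.example.test": ["127.0.0.2"],    # healthy zone: test entry present
    "7.113.0.203.bl.example.test": ["127.0.0.2"],  # 203.0.113.7 is listed there
}

def fake_resolver(name):
    """Stand-in resolver: wild.example.test answers every name, dead.example.test none."""
    if name.endswith(".wild.example.test"):
        return ["127.0.0.2"]
    return FAKE_DNS.get(name, [])

ZONES = ["bl.example.test", "dead.example.test", "wild.example.test"]

if __name__ == "__main__":
    for zone, status in check_ip("203.0.113.7", ZONES, fake_resolver).items():
        print(f"{zone}: {status}")
```

Calling check_ip without the third argument uses the operating system's resolver, which cannot tell a timeout from a missing record, so both are reported as the 127.0.0.2 error.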
Many of the servers on that external list are now generating errors as per the note above. This is the edited list of servers from http://dnsbllookup.com/ which currently work ok with PRTG.
Hello, I want to check more than one blacklist server.
But I get the message "Error checking spam.dnsbl.sorbs, it contains no entry for 127.0.0.2"
Is there a workaround?
@Stephan: The sensor will check the IP/DNS record of its parent device against the blacklists. So the parent device must have an IP/DNS name which is reachable from the internet.
Why does the sensor check the parent's IP? Wouldn't it be easier to scan a provided IP?
According to this thread we should be able to add a provided line specifying IP and BL:
- Can I check an IP address against blacklist servers using DNSBL? (besides the link is down)
IPonDNSBL I suppose this is the sensor "IP on DNS blacklist" but I could not find a field for this line. Is there an old content?
|Enter one or more blacklist servers to query. If you define several blacklist servers, separate the individual entries with commas and no spaces in between. Default is bl.spamcop.net. Further Help (Manual)|
The sensor uses the parent device's IP/DNS name and queries this against the provided blacklist server or the provided list of blacklist servers.
Or do you want the sensor to have its own "Target IP/DNS name" field and the "Blacklist Servers" field?
|the sensor to have its own "Target IP/DNS name" field and the "Blacklist Servers" field?|
Finally, my question is: where should I insert this string?
|IPonDNSBL -ip=mail.paessler.com [-bl=bl.spamcop.net]|
I am afraid that we won't change this as almost all sensors are using the parent device's IP/DNS name, sorry.
To use the exe by yourself, simply provide the parameters. "-ip" is the parameter for the IP/DNS name that has to be checked against the blacklist servers. The "-bl" server is for the blacklist server or the multiple blacklist servers.
Sure I understand that you won't change.
"To use the exe by yourself" What exe are we talking about? Is it an exe behind the sensor?
I can't see an explanation about this here
I'm afraid I don't understand what exactly PRTG provides to monitor, for example, our IPs for MX, SMTP. I'm confused because of these two links, which explain different approaches.
Because I monitor our Exchange server with a local IP. So I would have to add a "fake" device with the external IP and so on with all our IPs?
Well, you have to provide the parameters "-ip" and "-bl" if you want to use the EXE behind the sensor, correct (ProgramDir\Sensor System).
As we have already explained, PRTG uses the IP or DNS Name of the parent device where the sensor is added to. The blacklist servers that are contacted are submitted via the sensor settings:
- IP that will be checked (your MailServer) is set in the parent device
- contacted Blacklist Servers are set in the sensor settings itself
So if you want to check multiple WAN IPs against the blacklist servers, then you have to add a device for each IP and a sensor to each device.
Okay I finally understood because you provided me the path for the EXE. I thought I could use the EXE within PRTG and was looking in this way. In a command line it works well with sbl-xbl.spamhaus.org, bl.spamcop.net... I'll then probably write a PS script which uses the EXE. I'm not a noob with but almost.
But also if the link of this page was not broken I would certainly have understood quicker "The Custom Sensor can be downloaded from this page"
The sensor is actually provided by PRTG-Tools-Family, so you could also get the sensor there.
To use the sensor as a custom EXE, just copy it to "C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXE" and add an "EXE/Script" Sensor within PRTG. In the sensor settings you can provide the parameter as follows:
Afterwards add the channel limit to the created channel by setting "Upper Error Limit" to "0" in the channel settings.