IPv4 Address:-
IPv6 Address:-
Service Provider:-
SSL Information:-
HTTP Protocol:-
Database:-
Web:-
Information about DNSBLs

I operate several DNS blacklists which are available for anyone to use.

They are safe and secure, running from several diverse nameservers in multiple locations.
These DNS blacklists are, of course, also reachable via IPv6.

NOTE: The DNS blacklists are now DNSSEC signed with a full chain from root to individual entries.

There are no query limits on this service, and they are used by many people already including several IRC networks.

    .tor.dan.me.uk
        This DNS blacklist contains ALL tor nodes (entry, transit and exit nodes)
        Please think carefully before choosing to use this list for blocking purposes.
    .torexit.dan.me.uk
        This DNS blacklist contains only tor EXIT nodes

Updates/Complaints
  The tor nodelist is updated every 30 minutes automatically from the live tor network.
  There is no complaint procedure to have an IP address removed from this list as it will be
  automatically removed once the tor node ceases to run (with a maximum of 1 hour delay).

Details on how to use them
    To query the DNS blacklist, you must first reverse the IP address. This is called inverse
    addressing.
    e.g. if the IP was 192.0.2.123, you reverse it to 123.2.0.192 and add on the dns blacklist you require.

        e.g.   123.2.0.192.torexit.dan.me.uk

    To query an IPv6 address, you must expand it, then reverse it into "nibble" format.
    e.g. if the IP was 2001:db8::1, you expand it to 2001:0db8:0000:0000:0000:0000:0000:0001 and reverse it.
    In nibble format it is 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2 and add on the dns blacklist you require.

        e.g.   1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.tor.dan.me.uk

    If the IP has a match, the DNS server will respond with an "A" record of 127.0.0.100.
    It will also respond with a "TXT" record with extra information as per below:

        N:<nodename>/P:<port1[,port2]>/F:<flags>

    port1 is the OR (onion router) port, port2 (if specified) is the DR (directory) port.
    Flags are defined as follows:

E
Exit
X
Hidden Exit
A
Authority
B
BadExit
C
NoEdConsensus
D
V2Dir
F
Fast
G
Guard
H
HSDir
N
Named
R
Running
S
Stable
U
Unnamed
V
Valid


NOTE: Hidden Exits are based on exit policies of the node.
Any node that permits one or more ports to exit (while not advertising the 'Exit' flag) is considered a hidden exit node.

Zone Transfers
    If you believe you will be making thousands of queries per hour, I may let you transfer the
    zonefiles for a locally cached version of these DNSBLs. I will review these on a case-by-case basis,
    contact me via email. My address is available by clicking the email icon in the bottom left corner.

Copyright © 2025 Daniel Austin MBCS.
Proudly hosted using the FreeBSD operating system.
 
E-mail me
PGP Key
E-mail me
LOGGED IN
Login
padlock icon
LOGIN ERROR#123: random error here