
Checking IP reputation on DNS Blacklists

Checking IP reputation is not a new idea, but it is useful when you want to know whether an IP is safe to communicate with (email, VPN, etc.). Basically, all DNS Blacklists operate the same way.

Given an IP address in the form a.b.c.d, send a DNS request for the name d.c.b.a.dns.blacklist.tld, that is, the octets in reverse order followed by the blacklist's zone.

For instance, the IP address 185.130.5.207 checked against the cbl.abuseat.org list results in: 207.5.130.185.cbl.abuseat.org

Using Net::DNS::Simple:

use strict;
use warnings;
use Net::DNS::Simple;

# original IP: 185.130.5.207
my $res = Net::DNS::Simple->new("207.5.130.185.cbl.abuseat.org", "A");

if ( ($res->get_rcode() eq "NOERROR") && ($res->get_ancount() >= 1) ) {
    foreach my $line ( $res->get_answer_section() ) {
        # sometimes an IP is listed with 127.0.0.[1-5]; match the full
        # address so a "127" inside the queried name is not a false hit
        if ( $line =~ /\b127\.0\.0\.\d{1,3}\b/ ) {
            print "Found IP: ", $line, "\n";
            exit 0;
        }
    }
}

Another very easy solution is to use dig:

dig +short 207.5.130.185.cbl.abuseat.org A
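
The same lookup wrapped in shell functions around dig, as an added example that is not from the original post: it validates the address before reversing the octets and counts only 127.0.0.x answers as a listing. The function names (dnsbl_name, dnsbl_classify, dnsbl_check) are hypothetical.

```shell
#!/bin/sh
# Added example: DNSBL lookup helpers (function names are hypothetical).

# Build the query name d.c.b.a.<zone> from a dotted quad a.b.c.d.
# Returns 1 for anything that is not a valid IPv4 address, so untrusted
# input never reaches dig.
dnsbl_name() {
    ip=$1
    zone=$2
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $ip            # split on dots; only digits and dots remain here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# Classify the lines printed by `dig +short <name> A`:
#   listed     - at least one 127.0.0.x answer
#   not-listed - empty output (no A record for the name)
#   unexpected - any other output, which must not be counted as a listing
dnsbl_classify() {
    answers=$1
    [ -n "$answers" ] || { echo not-listed; return 0; }
    if printf '%s\n' "$answers" | grep -Eq '^127\.0\.0\.[0-9]{1,3}$'; then
        echo listed
    else
        echo unexpected
    fi
}

# Full check; needs dig and network access.
# Usage: dnsbl_check 185.130.5.207 cbl.abuseat.org
dnsbl_check() {
    name=$(dnsbl_name "$1" "$2") || { echo invalid-ip; return 2; }
    dnsbl_classify "$(dig +short "$name" A 2>/dev/null)"
}
```
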
