diff --git a/lib/pleroma/web/activity_pub/mrf/dns_rbl_policy.ex b/lib/pleroma/web/activity_pub/mrf/dns_rbl_policy.ex index 37e13d4dd..a119073eb 100644 --- a/lib/pleroma/web/activity_pub/mrf/dns_rbl_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/dns_rbl_policy.ex @@ -10,8 +10,14 @@ defmodule Pleroma.Web.ActivityPub.MRF.DnsRblPolicy do defp check_rbl(%{host: actor_host} = _actor_info, object) do rblconfig = Config.get([:mrf_dnsrbl]) - rblhost = rblconfig[:nameserver] + # :nameserver is the RBL server we want to query + rblhost = rblconfig[:nameserver] + + # We have to query the nameserver's by IP, so look it up if an IP address wasn't + # provided in the config. + # You may want this to be a hostname with round-robin A records for basic load + # balancing, so we try that. {:ok, rblnsip} = case rblhost |> String.to_charlist() |> :inet_parse.address() do {:ok, _} -> rblhost |> String.to_charlist() |> :inet_parse.address() @@ -20,10 +26,20 @@ defmodule Pleroma.Web.ActivityPub.MRF.DnsRblPolicy do rblport = rblconfig[:port] + # If the provided nameserver was an IP, we also need to know the zone because we can't + # derive it from the hostname. If the DNSRBL server software is configured to use "bl.pleroma.com" + # -- irrespective of the actual hostname/IP used to reach it -- we need to know this as all queries + # are nested under the zone. e.g., if you're checking the status of pleroma.host you are querying for: + # dig @nameserverip pleroma.host.bl.pleroma.com. in A rblzone = rblconfig[:zone] || rblhost - query = (actor_host <> "." <> rblzone) |> String.to_charlist() + # concatenate the host we're checking with the zone, e.g., "pleroma.host" <> . <> "bl.pleroma.com" <> . + query = (actor_host <> "." <> rblzone <> ".") |> String.to_charlist() + # Timeout of 1s, retry 1 + # We will only be using UDP for queries, so I think if the DNSRBL server is > 500ms away it won't work + # with these values, but you also wouldn't want it to be so far away or it will slow things down. + # I think we should probably try to cache entries in cachex too, maybe 300s TTL ? rbl_response = :inet_res.lookup(query, :in, :a, nameservers: [{rblnsip, rblport}], timeout: 1000, retry: 1)