I operate several DNS blacklists which are available for anyone to use. They are safe and secure, running from several diverse nameservers in multiple locations. These DNS blacklists are also reachable via IPv6.
NOTE: The DNS blacklists are now DNSSEC signed with a full chain from root to individual entries.
There are no query limits on this service, and the lists are already used by many people, including several IRC networks.
This DNS blacklist contains ALL Tor nodes (entry, transit and exit nodes) - think carefully before choosing to use this list for blocking purposes.
This DNS blacklist contains only Tor EXIT nodes.
The Tor node list is updated every hour automatically from the live Tor network.
There is no complaint procedure to have an IP address removed from this list, as it will be automatically removed once the Tor node ceases to run (with a maximum of 1 hour delay).
Details on how to use them
To query the DNS blacklist, you must first reverse the IP address. This is called inverse
For example, if the IP was 188.8.131.52, you reverse it to 184.108.40.206 and add on the DNS blacklist you require.
If the IP has a match, the DNS server will respond with an "A" record of 127.0.0.100.
It will also respond with a "TXT" record with extra information as per below:
Flags are defined as follows:
X Hidden Exit
NOTE: Hidden Exits are based on exit policies of the node. Any node that permits one or more ports to exit is considered a hidden exit node.
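The lookup described above, as an added Python example (not code from this site). The zone name is a placeholder because the list names are not shown here, and the resolver in the demo is a constructed stand-in so the block runs offline. It goes slightly beyond the text by counting only the documented 127.0.0.100 answer as a hit and by keeping "not listed" separate from lookup failures.

```python
import ipaddress
import socket

ZONE = "torexit.dnsbl.example"   # placeholder: the real zone names are not shown on this page
LISTED = "127.0.0.100"           # "A" record the page says a match returns


def query_name(ip, zone=ZONE):
    """Reverse the IPv4 octets and append the blacklist zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch only builds IPv4 queries")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def check(ip, zone=ZONE, resolve=socket.gethostbyname):
    """Return 'listed', 'not_listed' or 'error' for one address.

    `resolve` is injectable so the logic can be exercised without network.
    """
    name = query_name(ip, zone)
    try:
        answer = resolve(name)
    except socket.gaierror as exc:
        # "Name not found" means the address is not in the list; anything else
        # (timeout, server failure) must not be read as a clean result.
        if exc.errno == socket.EAI_NONAME:
            return "not_listed"
        return "error"
    # Only the documented value counts as a hit: a resolver that rewrites
    # failed lookups to its own address would otherwise list everything.
    return "listed" if answer == LISTED else "error"


if __name__ == "__main__":
    # Constructed resolver standing in for the DNSBL (192.0.2.0/24 is documentation space).
    def fake_resolver(name):
        if name == "7.2.0.192." + ZONE:
            return LISTED
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")

    for ip in ("192.0.2.7", "192.0.2.8"):
        print(ip, query_name(ip), check(ip, resolve=fake_resolver))
```

Whether an "error" result should block or allow the connection is a policy decision for the caller; the function only makes sure a failed lookup is never reported as "not listed".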
If you believe you will be making thousands of queries per hour, I may let you transfer the zonefiles for a locally cached version of these DNSBLs. I will review these requests on a case-by-case basis; contact me via the About Me page.