
How to do RBL/DNSBL lookups using PHP? With Examples…

I need to check RBL/DNSBL listings using my PHP scripts. Is there a library that I can use to do this on my CentOS Linux server?

There is a library called Net_DNSBL that can be used to do this. In this tutorial, I will explain, with examples, how to use this library.

What is a DNSBL list?

A DNS-based Blackhole List (DNSBL) or Real-time Blackhole List (RBL) is a list of IP addresses published through the Internet Domain Name Service (DNS) either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time. DNSBLs are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to reject or flag messages which have been sent from a site listed on one or more such lists. Note that all mail servers automatically check RBL listings. If the sender IP is listed in any of the DNSBL hosts, the mail server will automatically reject the incoming mail!

First, you need to install the PHP library:

pear install net_dnsbl

This will output the following. It may even prompt you to download and install. In that case you need to press the character ‘y’ to install the package.

[root@server ~]# pear install net_dnsbl
WARNING: channel "pear.php.net" has updated its protocols, use "pear channel-update pear.php.net" to update
WARNING: "pear/Net_DNS" is deprecated in favor of "pear/Net_DNS2"
downloading Net_DNSBL-1.3.7.tgz ...
Starting to download Net_DNSBL-1.3.7.tgz (8,125 bytes)
.....done: 8,125 bytes
downloading Cache_Lite-1.7.15.tgz ...
Starting to download Cache_Lite-1.7.15.tgz (32,355 bytes)
...done: 32,355 bytes
downloading Net_DNS-1.0.7.tgz ...
Starting to download Net_DNS-1.0.7.tgz (32,647 bytes)
...done: 32,647 bytes
downloading HTTP_Request2-2.1.1.tgz ...
Starting to download HTTP_Request2-2.1.1.tgz (99,151 bytes)
...done: 99,151 bytes
downloading Net_URL2-2.0.0.tgz ...
Starting to download Net_URL2-2.0.0.tgz (11,325 bytes)
...done: 11,325 bytes
install ok: channel://pear.php.net/Cache_Lite-1.7.15
install ok: channel://pear.php.net/Net_DNS-1.0.7
install ok: channel://pear.php.net/Net_URL2-2.0.0
install ok: channel://pear.php.net/HTTP_Request2-2.1.1
install ok: channel://pear.php.net/Net_DNSBL-1.3.7

To verify that Net_DNSBL was installed correctly, you can view the packages installed by pear using the list command:

pear list
OR
pear list | grep -i net_dnsbl

This will output something like the following:

[root@server ~]# pear list
Installed packages, channel pear.php.net:
=========================================
Package          Version State
Archive_Tar      1.3.7   stable
Cache_Lite       1.7.15  stable
Console_Getopt   1.2.3   stable
HTTP_Request2    2.1.1   stable
Net_DNS          1.0.7   stable
Net_DNS2         1.2.5   stable
Net_DNSBL        1.3.7   stable
Net_URL2         2.0.0   stable
PEAR             1.9.4   stable
Structures_Graph 1.0.4   stable
XML_RPC          1.5.4   stable
XML_Util         1.2.1   stable

Now you have Net_DNSBL installed on your server. Here is a simple piece of PHP code that checks listings of an IP address against a host:

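<?php
// Load the PEAR Net_DNSBL class installed above.
require_once('Net/DNSBL.php');

// Returns TRUE if $ipaddress is listed on the DNSBL zone $host, FALSE otherwise.
function checkIP($ipaddress, $host)
{
	$dnsbl = new Net_DNSBL();
	// Query only the single blacklist passed in.
	$dnsbl->setBlacklists(array($host));
	if ($dnsbl->isListed($ipaddress)) 
	{
		return TRUE;
	}
	else
	{
		return FALSE;
	}
}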

The function above checks whether the $ipaddress passed in is listed on the $host passed in. It returns true if the IP address is listed and false if it is not.

The host can be any DNSBL provider, like SpamHaus.

Here is a list of all RBL/DNSBL hosts that I use on my site when I have to do a DNSBL listing check:

bl.spamcop.net
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
sbl.spamhaus.org
xbl.spamhaus.org
zen.spamhaus.org
pbl.spamhaus.org
dialups.mail-abuse.org
dnsbl.njabl.org
dnsbl.sorbs.net
dul.dnsbl.sorbs.net
misc.dnsbl.sorbs.net
smtp.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
spam.dnsbl.sorbs.net
duinv.aupads.org
dyna.spamrats.com
access.redhawk.org
dnsbl.ahbl.org
tor.ahbl.org
psbl.surriel.com
0spam.fusionzero.com

If you choose to check all of these hosts, the speed will be quite slow. It takes about a second to check all of these hosts on my Linux CentOS box. To make the lookups fast, you may choose to check only the most important DNSBL hosts, like SpamHaus and SpamCop. You may also need to implement some form of caching, keeping results for a day or even a month before you re-check the hosts.
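
The DNS query behind a DNSBL check, with the one-day caching suggested above, as an added example that is not part of the original tutorial or of Net_DNSBL: the IPv4 octets are reversed, the DNSBL zone is appended, and an A record in 127.0.0.0/8 means "listed". The function names, the stub resolver and the `dnsbl.example` zone are assumptions made for illustration; IPv6 is not handled.

```php
<?php
// Added example: the DNS query behind a DNSBL check, with a per-process cache.
// The resolver is injectable so the demo at the bottom runs without network access.

// 192.0.2.10 checked against zone Z becomes an A query for 10.2.0.192.Z
function dnsblQueryName(string $ip, string $zone): string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        throw new InvalidArgumentException("Not an IPv4 address: $ip");
    }
    return implode('.', array_reverse(explode('.', $ip))) . '.' . $zone;
}

// Returns the 127.x.y.z listing codes for $ip in $zone; an empty array means not listed.
// $resolver maps a hostname to its A-record addresses (default: live DNS).
function dnsblLookup(string $ip, string $zone, ?callable $resolver = null, int $ttl = 86400): array
{
    static $cache = [];
    $resolver = $resolver ?? function (string $name): array {
        $records = @dns_get_record($name, DNS_A);
        return $records === false ? [] : array_column($records, 'ip');
    };
    $name = dnsblQueryName($ip, $zone);
    if (isset($cache[$name]) && $cache[$name]['expires'] > time()) {
        return $cache[$name]['codes'];          // served from cache, no DNS query
    }
    // Listing codes live in 127.0.0.0/8. Any other answer (for example from a
    // resolver that rewrites NXDOMAIN) is not treated as a listing.
    $codes = array_values(array_filter($resolver($name), function (string $addr): bool {
        return strncmp($addr, '127.', 4) === 0;
    }));
    $cache[$name] = ['codes' => $codes, 'expires' => time() + $ttl];
    return $codes;
}

// Constructed stub standing in for DNS; dnsbl.example is a placeholder zone.
$queries = 0;
$stub = function (string $name) use (&$queries): array {
    $queries++;
    $fakeZone = [
        '10.2.0.192.dnsbl.example' => ['127.0.0.2'],   // a listed address
        '11.2.0.192.dnsbl.example' => ['203.0.113.7'], // answer outside 127.0.0.0/8
    ];
    return $fakeZone[$name] ?? [];                     // no record = NXDOMAIN
};

foreach (['192.0.2.10', '192.0.2.11', '192.0.2.12', '192.0.2.10'] as $ip) {
    printf("%-11s listed=%s\n", $ip, dnsblLookup($ip, 'dnsbl.example', $stub) ? 'yes' : 'no');
}
printf("DNS queries made: %d\n", $queries); // the repeated address is answered from the cache
```

The static cache lasts only for the current PHP process; to keep results for a day across requests, store the same array in a file or another persistent cache.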
