
8.4 DNS Blacklisting

VolanoChat supports two types of DNS-based blacklists (DNSBLs): one for denying access to externally open proxy servers, and one for detecting dynamically assigned Internet Protocol (IP) addresses, such as those used for most dial-up accounts. This functionality uses the standard DNS name resolution protocol in a specialized way that allows the chat server to receive and process a response from a third-party blacklist.

Open proxies

Open proxies make a chat connection on behalf of the client, allowing the client to mask their true IP address. Usually a person would do this if they were planning on causing trouble on your chat server and did not want to be found.

The list of blacklists defined by dnslist.denied is checked for each connecting client. If the client's host address is found in one of the blacklists, the client is denied access.

Dial-up Detection

The VolanoChat server can attempt to identify whether a user is connecting via a dial-up account or with a static IP address by using special dial-up blacklists. The list of blacklists defined by dnslist.dynamic is checked when a monitor bans an address from the server. If the host address is on one of the blacklists, it is treated as a dynamic IP address, and the dynamic and network block settings for the ban control apply. Otherwise the host is assumed to be using a static IP address and only that address is banned. This control prevents dial-up users from dropping the connection and reconnecting a few seconds later to continue their behavior. It has the side effect, though, of also banning any other users connecting from that dial-up service, so the ban duration should be kept relatively short. By default the dial-up ban duration is set to one hour.

Setup

The DNS blacklists are listed separated by white space, each in the format zone:response, where the zone part is required and the :response part is optional. If no response is specified for a blacklist, any response from the DNS query indicates that the address is on the list. Otherwise, only the specified response indicates that the address is on the list.

The defaults are:

dnslist.denied=
dnslist.dynamic=

Some examples are:

dnslist.denied=opm.blitzed.org relays.osirusoft.com:127.0.0.9
dnslist.dynamic=dynablock.wirehub.net:127.0.0.2

When checked against the 3,370 unique hosts connecting to the VolanoChat demo server on February 20, 2002, the following results were returned. For the open proxy check, only two addresses were detected among both DNS blacklists:

opm.blitzed.org
    207.35.102.29
    65.92.168.44
relays.osirusoft.com:127.0.0.9
    207.35.102.29

For the dynamic IP address check, 1,770 out of the 3,370 addresses (53 percent) were detected as dynamic when all six lists were used:

DNS Blacklist                         Detected as Dynamic
------------------------------------  -------------------
dynablock.wirehub.net:127.0.0.2       1199  36%
blackholes.five-ten-sg.com:127.0.0.3  1047  31%
no-more-funn.moensted.dk:127.0.0.3     703  21%
dnsbl.njabl.org:127.0.0.3              634  19%
spamguard.leadmon.net:127.0.0.2        448  13%
relays.osirusoft.com:127.0.0.3         422  13%

Top list (dynablock.wirehub.net)      1199  36%
Top 2 lists combined                  1647  49% (+ 13%)
Top 3 lists combined                  1719  51% (+  2%)
Top 4 lists combined                  1742  52% (+  1%)
Top 5 lists combined                  1752  52% (+  0%)
All 6 lists combined                  1770  53% (+  1%)

Keep in mind that the blacklists defined by dnslist.denied are checked each time someone connects to your VolanoChat server. Because each DNS lookup may take a few seconds and adds to the time it takes each visitor to connect, keep this list to a minimum. The blacklists defined by dnslist.dynamic, on the other hand, are used only when a monitor bans a visitor.
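
The zone:response matching described under Setup, as an added Python example that is not VolanoChat code: it parses a dnslist value and applies the "any response" versus "specific response" rule to one address. It assumes the conventional DNSBL query form (address octets reversed and prepended to the zone); the zone names, addresses and sample answers are constructed placeholders, and the helper names are hypothetical.

```python
import socket

def parse_dnslist(value):
    """Split a dnslist.* value into (zone, response or None) pairs."""
    entries = []
    for item in value.split():
        zone, _, response = item.partition(":")
        if not zone:
            raise ValueError(f"entry {item!r} has no zone")
        entries.append((zone, response or None))
    return entries

def query_name(ipv4, zone):
    """Conventional DNSBL query name (assumed): octets reversed, then the zone."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError(f"not an IPv4 address: {ipv4!r}")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records for name; [] when it does not resolve (errors count as unlisted)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def listed_on(ipv4, dnslist_value, resolve=system_resolver):
    """Return the configured entries that list ipv4, using the zone:response rule."""
    hits = []
    for zone, response in parse_dnslist(dnslist_value):
        answers = resolve(query_name(ipv4, zone))
        # No response configured: any answer is a hit. Otherwise it must match.
        if (response is None and answers) or response in answers:
            hits.append(zone if response is None else f"{zone}:{response}")
    return hits

# Constructed sample data: placeholder zones and documentation-range addresses.
SAMPLE_ANSWERS = {
    "10.2.0.192.proxies.dnsbl.example": ["127.0.0.2"],
    "10.2.0.192.multi.dnsbl.example": ["127.0.0.3"],
    "20.2.0.192.multi.dnsbl.example": ["127.0.0.9"],
}
SAMPLE_DENIED = "proxies.dnsbl.example multi.dnsbl.example:127.0.0.9"

def sample_resolver(name):
    return SAMPLE_ANSWERS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, listed_on(ip, SAMPLE_DENIED, sample_resolver))
```

The first sample address is answered by the second list with 127.0.0.3, which does not count because that entry is pinned to 127.0.0.9; this is why a list that serves several purposes needs the :response part.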



John Neffenger <john@status6.com>

A PROJECT OF STATUS:6®