Achievements
This page has been visited an unknown number of times.
Page last generated:
2025/06/15 11:16:00.
DNSBL Check in Node.js: A quick & simple guide
This post was written 2025-05-14 22:00:00 -0700 by Robert Whitney and has been viewed an unknown number of times since unknown time. This post was last viewed an unknown length of time ago.
DNSBL (Domain Name System Blacklist) is a method used to identify and block IP addresses associated with spam or malicious activity. In this article, we will explore how to perform a DNSBL lookup using Node.js. If you are already familiar with DNSBLs and are interested in running a DNSBL check out my guide covering how to set up your own DNSBL server using Node.js.
The concept of how to perform a lookup is very simple, you simply reverse the IP address of the client IP address that you want to check, and append the DNSBL domain name to it.
For instance if the client's IP address is 172.16.10.51, and you want to check against the DNSBL domain name zen.spamhaus.org, you would reverse the IP address to 51.10.16.17.zen.spamhaus.org.
If the IP address is blacklisted then you should get a response with a localhost (127.0.0.x) address for the A record. If the IP address is not blacklisted, then you will get a response with a non-localhost address, or no response at all.
The following code example shows how to perform a DNSBL lookup using Node.js.
It uses the dns module to perform the DNS lookup and reverses the IP address with a simple split and reverse and join.
var hostname = ip.split('.').reverse().join('.') + '.' + server;
undefined
When the above code is executed it will output something similiar to the following:
$ ./dnsbl-check.js xxx.xxx.xxx.xxx
[ ] dnsbl.spfbl.net
[ ] dnsbl.spamcop.net
[ ] zen.spamhaus.org
[ ] dnsbl.sorbs.net
[X] spambot.bls.digibase.ca
[ ] bl.spamcannibal.org
[X] all.s5h.net
[ ] dnsbl.anti-spam.org.cn
[ ] dnsbl.njabl.org
I wrote this post after realizing that I have a backlink from unit 42 at Palo Alto Networks to an old blog post of mine that has since been deleted.
My original post was essentially the same as this one, but it was written in PHP.
After looking at the Palo Alto Networks post I went straight to work on this one to ensure that their backlink was not wasted.
I hope you find this post useful and informative.
On a side note I noticed while writing my new example in node that if you are using a blacklisted IP address to perform a DNS lookup then you will not receive a meaningful response from some DNSBL servers. This is likely to combat abuse of the DNSBL servers by spammers to check if their IP addresses are blacklisted before launching a spam campaign with them. The Palo Alto Networks Unit 42 article had referenced at least one active botnet of the time that did such checks on the IP addresses that it use(s|d) for spam.
Robert Whitney
Thing Breaker, Stuff Fixer, and Sh!# Sorter
xnite, real name Robert Whitney, is a self-taught computer programmer with a passion for technology. His primary focus is on secure, reliable, and efficient software development that scales to meet the needs of the modern web. Robert has been writing since 2010 and has had contributions published in magazines such as 2600: The Hacker Quarterly. His background in technology & information security allows him to bring a unique perspective to his writing. Robert's work has also been cited in scientific reports, such as "Future Casting Influence Capability in Online Social Networks: Fake Accounts and the Evolution of the Shadow Economy" by Matthew Duncan, DRDC Toronto Research Centre.
For Minecraft related inquiries feel free to reach out to the community on the Break Blocks Club discord server, for everything else please email me at admin@xnite.me
You can also find me on the various social media platforms listed on my website, but I do not check them often.
| Repository | Author | Release Version | Release Date | Links |
|---|