As far as I know the DNSBL is for ISP-only use and RBLs are usually associated with MTA usage, not Netfilter. Checkdnsbl is a shell script (interpreted), doesn't use 'mktemp', works only if your `man 5 hosts_access` uses "aclexec" (not spawn) and caches queries by sleeping each for 5 minutes (default). So if you would deploy it for all services on a host that sees lots of connections you'll notice as many 'sleep' processes as unique IP addresses it checks times the services that get hit. Not that I know of any alternative (the closest I've come to remote checks is http://people.netfilter.org/~peejix/...oip-HOWTO.html but that's not what you're looking for) and I've seen better methods to wreck performance :-] Why not just use RBLs with your MTA, block ingress and egress bogons, use iptables modules like "recent", deploy Snort with an access blocker, anything but this... makes me wonder (this being the Linux Security forum) what you would get out of it security-wise anyway? (and welcome to LQ BTW, hope you like it here)
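To make the performance point above concrete, here is an added example (not the poster's code and not checkdnsbl itself) of an aclexec-style DNSBL check that caches each verdict in a timestamped file with a TTL, so no 'sleep' process has to stay alive per checked address. The zone name, cache directory and resolver command are hypothetical defaults chosen for illustration; the DNSBL lookup itself is done with `host`, and the resolver can be swapped via `DNSBL_RESOLVER` so the cache logic can be exercised without network access.

```shell
#!/bin/sh
# Added example, not from the post or from checkdnsbl: a DNSBL check that
# hosts_access(5) can run via "aclexec ... %a". Exit 0 allows the connection
# (address not listed), exit 1 refuses it (listed), exit 2 means unusable input.
# Verdicts are cached as "<verdict> <unix-time>" in one small file per address,
# so repeated hits on the same IP cost one file read instead of a DNS query
# and no background process is kept around for the cache lifetime.

DNSBL_ZONE="${DNSBL_ZONE:-dnsbl.example.invalid}"   # placeholder zone, assumed
CACHE_DIR="${CACHE_DIR:-/tmp/dnsbl-cache}"           # assumed location
CACHE_TTL="${CACHE_TTL:-300}"                        # seconds; 5 minutes like the default mentioned

# Accept only dotted-quad IPv4 so the address is safe to use as a file name
# and as a DNS label sequence.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

# Build the DNSBL query name: 1.2.3.4 in zone Z becomes 4.3.2.1.Z
dnsbl_query_name() {
    printf '%s\n' "$1" | awk -F. -v z="$2" '{ printf "%s.%s.%s.%s.%s\n", $4, $3, $2, $1, z }'
}

# Real lookup: a listed address resolves to an A record, an unlisted one does not.
dnsbl_resolve() {
    if host -t A "$(dnsbl_query_name "$1" "$DNSBL_ZONE")" >/dev/null 2>&1; then
        echo listed
    else
        echo clean
    fi
}

# Store "verdict timestamp" for an address.
cache_store() {
    mkdir -p "$CACHE_DIR"
    printf '%s %s\n' "$2" "$(date +%s)" > "$CACHE_DIR/$1"
}

# Print the cached verdict if it is younger than CACHE_TTL; otherwise drop the
# stale entry and return 1 (cache miss).
cache_lookup() {
    f="$CACHE_DIR/$1"
    [ -f "$f" ] || return 1
    read -r verdict stamp < "$f"
    now=$(date +%s)
    if [ $((now - stamp)) -lt "$CACHE_TTL" ]; then
        echo "$verdict"
        return 0
    fi
    rm -f "$f"
    return 1
}

# Cached check: 0 = clean (allow), 1 = listed (refuse), 2 = not an IPv4 address.
dnsbl_check() {
    ip=$1
    if ! valid_ipv4 "$ip"; then
        echo "dnsbl_check: not an IPv4 address: $ip" >&2
        return 2
    fi
    verdict=$(cache_lookup "$ip") || {
        verdict=$("${DNSBL_RESOLVER:-dnsbl_resolve}" "$ip")
        cache_store "$ip" "$verdict"
    }
    [ "$verdict" = clean ]
}

# When invoked from hosts.allow as "aclexec /path/to/this %a", the client
# address arrives as the first argument.
if [ $# -gt 0 ]; then
    dnsbl_check "$1"
    exit $?
fi
```

One thing the file cache buys over a sleeping process is that the cache survives independently of any shell, and an entry past its TTL is simply removed on the next lookup; the cost is one tiny file per distinct address, which a cron job can prune if the directory grows.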