<dnsbl name="dnsblname" type="bitmask" domain="dns.domain.org" action="KILL" reason="youre banned!" duration="1d" bitmask="5">

OR:

<dnsbl name="dnsblname" type="record" domain="dns.domain.org" action="KILL" reason="youre banned!" duration="1d" records="1,2,6,19,24-38">

Where the attributes are as follows:

• name: A readable name for the blacklist, e.g. Blitzed OPM
• type: The type of blacklist, either bitmask or record.
• domain: the dns domain the bl uses, e.g. opm.blitzed.org
• action: one out of KILL, ZLINE, KLINE, GLINE (case sensitive!)
• reason: any text you want to use as banreason or tag (%ip% will be replaced by the user's ip)
• duration: how long you want to enforce the ban (takes no effect on KILL, defaults to 24hours)
• bitmask: For bitmask type blacklists, this is an AND mask the result from the rbl is masked again, e.g. if you only want results 1 and 4, enter 5(=1 | 4) here. Must be greater than 0 (use 255 for matching all Class C backlist results)
• records: For record type blacklists (1.2 only) this is a list of A record replies which cause a match for this blacklist. This value can contain lists or ranges of integer values, e.g. "1,2,3,5-9" to match all values within the range 1,2,3,5,6,7,8,9.

NOTE: A blacklist may only make use of one of either records or bitmask at any one time, depending on the value of type.

• Examples for popular DNSBLs

<dnsbl name="Tor sectoor.de"
       domain="tor.dnsbl.sectoor.de"
       action="GLINE"
       reason="Tor exit server detected. Please visit http://www.sectoor.de/tor.php?ip=%ip% for more information."
       duration="1h"
       bitmask="1">