
Prometheus compatible exporter to query DNSBLs/RBLs.

This is a server which checks the configured hosts against various DNSBL (sometimes refered to as RBLs).

The idea is to scrape /metrics using Prometheus to create graphs, alerts, and so on.

See rbls.ini and targets.ini files in this repository. The files follow the nagios format as this exporter is meant to be a drop-in replacement so you can factor out Nagios, one (simple) step at a time. :-)


$ dnsbl-exporter -h
--config.dns-resolver value  IP address of the resolver to use. (default: "")
--config.rbls value          Configuration file which contains RBLs (default: "./rbls.ini")
--config.targets value       Configuration file which contains the targets to check. (default: "./targets.ini")
--web.listen-address value   Address to listen on for web interface and telemetry. (default: ":9211")
--web.telemetry-path value   Path under which to expose metrics. (default: "/metrics")
--log.debug                  Enable more output in the logs, otherwise INFO.
--log.output value           Destination of our logs: stdout, stderr (default: "stdout")
--help, -h                   show help
--version, -V                Print the version information.


  1. Go to release and grab a release for your platform.
  2. Get rbls.ini and put it next to the binary.
  3. Get targets.ini, and customize. Or use the defaults.
  4. ./dnsbl-exporter

Go to in your browser.


Docker/OCI images are available in the container registry:

$ docker pull ghcr.io/luzilla/dnsbl_exporter:vX.Y.Z

Please note: latest is not provided.

The images expect target.ini and rbls.ini in the following location:


Either start the container and supply the contents, or build your own image:

docker run \
    --rm \
    -e DNSBL_EXP_RESOLVER=your.resolver:53 \
    -p 9211:9211 \
    -v ./conf:/etc/dnsbl-exporter \
FROM ghcr.io/luzilla/dnsbl_exporter:vA.B.C

ADD my-target.ini /etc/dnsbl-exporter/target.ini
ADD my-rbls.ini /etc/dnsbl-exporter/rbls.ini


The individual configured servers and their status are represented by a gauge:

luzilla_rbls_ips_blacklisted{hostname="mail.gmx.net",ip="",rbl="ix.dnsbl.manitu.net"} 0

This represent the server's hostname and the DNSBL in question. 0 for unlisted and 1 for listed. Requests to the DNSBL happen in real-time and are not cached. Take this into account and use accordingly.


In order to use this, a proper DNS resolver is needed. Proper means: not Google, not Cloudflare, OpenDNS, etc.. Instead use a resolver like Unbound.

To test on OSX, follow these steps:

$ brew install unbound
$ sudo unbound -d -vvvv

(And leave the Terminal open — there will be ample queries and data for you to see and learn from.)

Verify Unbound is working and resolution is working:

 $ dig +short @ spamhaus.org

License / Author

This code is Apache 2.0 licensed.

For questions, comments or anything else, please get in touch.


