Tag Archives: blacklist

Mr. DNS: Free DNS and Network Diagnostic Tools for Sysadmins and Email Teams

Leave a reply

Mr. DNS is a free collection of DNS and network diagnostic tools built for sysadmins, email administrators, and infrastructure teams. The site has been around for years, went offline for a while, and recently relaunched with an expanded tool set. Everything runs in the browser with no account required. If you work with DNS records, mail servers, or IP reputation, there is something here you will use regularly.

Mr. DNS homepage showing DNS and network diagnostic tools

DNS Tools

The DNS lookup tool handles all common record types: A, AAAA, MX, TXT, NS, SOA, CNAME, PTR, CAA, SRV, TLSA, HTTPS, MTA-STS, and BIMI. Results include TTL, geolocation data for nameservers, and flag icons for quick visual scanning.

The DNS propagation checker queries seven global resolvers simultaneously: Cloudflare, Google, Quad9, OpenDNS, AdGuard, NextDNS, and DNS.SB. Useful when you have just made a DNS change and need to see where it has landed without waiting or querying each resolver manually.

The DNSSEC checker validates the full chain of trust: DS records, DNSKEY records, RRSIG presence, and expiry. Good for confirming a DNSSEC deployment before and after changes.

Email Tools

The email tools are where Mr. DNS gets most of its daily use. The email health checker runs a combined SPF and DMARC evaluation and returns a letter grade (A through F) for your domain. One URL, one result, easy to share with a client or manager who needs a status report.

Mr. DNS email health checker showing an A grade for generatorlabs.com

Individual checkers are also available for SPF, DMARC, and DKIM when you need to dig into a specific record. The email header analyzer parses raw RFC 2822 headers and maps the full relay chain with per-hop timing and authentication results, useful for tracing a delivery failure or diagnosing a spam classification issue.

For teams managing outbound mail infrastructure, the MTA-STS checker validates DNS records and policy files, and the BIMI checker verifies SVG logos and VMC certificates for domains using brand indicators in supported mail clients.

Blacklist Checker

The blacklist checker queries your IP or domain against 15+ major RBLs and returns results in seconds. It is a solid first step when a client reports deliverability problems or when you are onboarding a new IP range and want a quick baseline.

For teams that need ongoing coverage rather than one-off checks, blacklist monitoring from Generator Labs runs continuous checks against hundreds of data sources and sends immediate alerts when a listing is detected. The free tier covers one host with no credit card required.

SSL and Network Tools

The SSL certificate checker inspects certificate details, expiry dates, SANs, issuer chain, and key type for any domain. Useful for a quick manual check before or after a certificate renewal.

For automated tracking across many domains, certificate monitoring from Generator Labs handles the ongoing work: scheduled checks, configurable expiry alert thresholds, and multi-channel notifications before anything expires.

Other network tools include ping, traceroute, port checker, HTTP headers inspector, HTTP/2 and HTTP/3 checker, and a what is my IP tool that detects both IPv4 and IPv6 with geolocation and ASN data.

Generators

Mr. DNS includes generators for SPF records and DMARC records for teams setting up email authentication from scratch. Both walk through the options and output a ready-to-paste DNS record.

Bottom Line

Mr. DNS covers the diagnostic side of DNS and email infrastructure without requiring an account or payment. For the monitoring side, Generator Labs provides continuous blacklist monitoring and certificate monitoring with alerting, picking up where the one-shot tools leave off. Both are worth bookmarking if you manage any kind of mail or DNS infrastructure.

Generator Labs: Blacklist and Certificate Monitoring for Email and Infrastructure Teams

Leave a reply

Generator Labs provides infrastructure monitoring for teams that need to stay ahead of two specific problems: IP and domain blacklistings that kill email deliverability, and SSL certificates that expire without warning. Both products run in the same portal, so you manage everything in one place.

Blacklist Monitoring

Blacklist monitoring runs continuous checks of your IPv4 addresses, IPv6 addresses, and domains against hundreds of RBL and URIBL data sources. The moment a listing is detected, alerts go out through whatever channels you have configured: email, SMS, Slack, Discord, PagerDuty, or webhooks.

Coverage is the differentiator. Free one-shot tools check a handful of the major lists. Generator Labs checks well over a hundred data sources on a schedule, including 30+ premium sources on Enterprise and Ultimate plans that free tools do not cover. You get notified when something changes; you are not logging in to run a manual check.

Other features worth knowing:

Full IPv6 support. IPv4 and IPv6 addresses are both monitored across all plans. As more mail infrastructure goes dual-stack, IPv6 blacklisting is a real and growing issue that most monitoring tools still treat as secondary.

Shareable public reports. Every monitored host gets a public report URL you can hand to a client, ISP, or manager without giving anyone portal access.

REST API. Full programmatic access to monitoring data and controls, with client libraries for PHP, Node.js, and Python.

Generator Labs RBL Monitoring hosts list

Blacklist Monitoring Pricing

  • Free: 1 host, 48-hour check interval, 100+ data sources. Free forever, no credit card required.
  • Professional: $8/month for 20 hosts at 24-hour intervals.
  • Enterprise: $16/month for 50 hosts at 12-hour intervals, premium data sources, custom run times.
  • Ultimate: $0.005 per check, unlimited hosts, custom intervals, all premium sources.

The Ultimate pay-per-check plan scales cleanly for larger deployments. Running 50 hosts daily against 150 data sources works out to roughly $11/month.

Certificate Monitoring

Certificate monitoring tracks SSL/TLS certificate expirations across your domains and sends alerts before anything expires. Add your domains, set alert thresholds, and the service runs automatically from there.

Both publicly-trusted and private or internal CA certificates are supported, which matters for teams running internal infrastructure that does not go through a public CA. Certificate expiry causes outages that are entirely preventable; automated monitoring removes the spreadsheet tracking and calendar reminders that most teams fall back on.

Generator Labs Certificate Monitoring monitors list

Monitoring profiles let you define reusable alert configurations across multiple monitors. Set custom expiration alert windows (5, 15, 30, 60 days, or any combination you need), choose which failure types trigger alerts, and assign private CAs or internal monitoring agents. One profile can cover dozens of monitors.

Generator Labs Certificate Monitoring add profile dialog

Certificate Monitoring Pricing

Certificate monitoring is priced at $0.01 per host per day, with no fixed tiers. You pay for what you monitor and can add or remove domains at any time.

Who It Is For

  • Email service providers and hosting companies monitoring large IP ranges
  • IT and security teams who need immediate notification when a host gets listed
  • Organizations managing many domains who need certificate expiry visibility without manual tracking
  • Developers who want API access to monitoring data for automation or integration

Get Started

Generator Labs offers continuous blacklist monitoring and certificate monitoring with solid alert coverage and a complete API. The free tier is a real free tier. Sign up at portal.generatorlabs.com to get started, no credit card required.

Blacklist Monitoring for Cloud Hosting

Leave a reply

Originally Posted on Blacklist Monitoring with Generator Labs.

Since our inception, we’ve helped thousands of companies and individuals, from all around the world, stay on top of day-to-day threats related to their email and websites. Recently, with the addition of our Facebook Threat Exchange monitoring, we’re helping those same customers battle social media related threats.

Some of our earliest customers have been cloud hosting and cloud computing companies- companies that provide the backbone of the Internet as we know it today.

Cloud Hosting Providers

One specific challenge with this type of company, is the sheer number of IP addresses and domains to monitor, and the regular re-use of these IP addresses. The last thing you want, is a brand new customer getting an IP address that is already blacklisted because of something the last owner did.

Another key challenge, is making sure that resources are used “only as needed”. Let’s face it- you don’t want to pay to monitor hosts that aren’t being used- and you shouldn’t have to.

We offer a few key features that makes blacklist monitoring for cloud hosting providers, easier and more affordable.

IP Range Host Type

Normally customers add IP addresses and domains (aka “Hosts”) to the Generator Labs portal individually. If you have 10 to 15 Hosts, this isn’t really a big deal. You can add hosts using our bulk loader, or individually. You can also add Hosts as a range or CIDR block (x.x.x.x/y).

But what if you have thousands of Hosts to monitor? At some point it’s going to become unwieldy to provision, and impossible to manage.

To support this, we built a custom “IP Range” Host type. This lets you add IP addresses as a range or CIDR block, but rather than thousands of IP addresses showing under your account, a single Host entry is shown. Our system will still monitor every single IP address individually– but the full block of IP addresses can be managed as a single entry.

So whether you have a few /24’s or a whole /18- you can easily manage the full IP block with ease.

API Provisioning

Loading all your IP addresses into the system is great, but what if you only want to monitor a sub-set of those hosts? Or if you only want to enable monitoring for hosts that are currently in-use?

Several of our customers have opted to integrate with our web-based API, to provision monitoring on IP addresses as they’re allocated to their customers. That way only active IP addresses are being monitored. This ensures that you’re only paying for monitoring that matters- that will actually impact your business or your customers.

The Generator Labs API is easily integrated into any provisioning or monitoring platform, with just a few simple lines of code:

# wget --post-data="type=rbl&name=Test&host=10.10.10.10" -qO- https://portal.generatorlabs.com/api/host/add.json?api_token=x

{
    "status_code": 200,
    "status_message": "Hosts added successfully.",
    "data": [
        {
            "id": "37c46a725dd8adab28d35b9f200c198d",
            "host": "10.10.10.10",
            "name": "Test"
        }
    ],
    "version": "2.0"
}

Easily enable monitoring on a Host when it’s allocated to a customer, and then disable it when it’s de-allocated- it’s a simple as that.

Contact Groups

When we identify an issue with any of your Hosts, we’ll immediately notify you via several different notification methods. These contacts can be broken down into custom contact groups, and assigned to Host. The end result, is that you can have a unique contact for every host under your account:

Cloud Hosting companies can optionally send alerts directly to their customers, notifying them about issues with their IP addresses and domains, and alleviating some of the burden from their network operations staff.

We regularly add new features and tools to make managing and provisioning monitoring services, easier and more effective for our customers.

What are Blacklists and How Do They Work? (Part 1)

Leave a reply

Originally Posted on Generator Labs Blacklist Check Service

Real-Time Blacklists (RBL) are a simple but effective way for organizations around the world, to share the location (in this case, the IP addresses) of email systems that are reputed to send email SPAM.

The most common implementation of these lists are distributed via DNS, and referred to as DNS-based Blacklists (DNSBL). Distributing this data via DNS makes perfect sense; it’s a technology that already exists, and servers all already have access to. It’s fast, and the data (IP addresses and domains) is well suited for DNS.

Types of RBLs

There are hundreds of RBLs available worldwide, managed by hundreds of organizations and individuals. Most RBLs are free to use, some are pay-to-use, and they all have their own methodologies for compiling their databases, and their own processes for being delisted.

Two of the most common and reliable methodologies for collecting data for RBLs, are based on user input, or something they call a “honey pot”.

Crowd Sourced

RBLs based on user input are the most common, and often most reliable. This data is effectively crowd sourced. When an email recipient receives a SPAM message (assuming their system supports it), they can “flag this message as SPAM”. If enough recipients flag the same message as SPAM, the IP address of the sender will be added to the RBL database.

This is common in free email services like Hotmail and Gmail.

Honey Pots

Another common source for RBL data is something called a honey pot. These are basically email addresses that are never used for any legitimate email purposes, and aren’t owned by any end users. They simply exist out on the Internet in places where robots and SPAM aggregators collect email addresses.

Any email that comes to these addresses is by definition unsolicited, and considered SPAM, and will land you on an RBL.

URIBLs

Another type of RBL is the URI Blacklist (URIBL). This is used for distributing domain names of websites that are reputed to send SPAM or to be involved in phishing schemes. So this doesn’t just affect organizations that run their own mail servers, but anyone that has a website as well.

There are definitely RBLs that are more reputable than others; there are some that have no process for being delisted, and others where you have to pay to be delisted. In my opinion, the pay-to-delist RBLs should not be considered reputable, and should not be used by mail system administrators.

Stay tuned for Part 2 of this series, where I’ll talk about how these RBLs are used by organizations, and give you some real-world examples of how RBLs can help you combat SPAM.