If you are writing code that checks a DNS real-time blockhole list (RBL), it looks like 127.0.0.2 is the standard address that is always in the black/white -list.
This is probably know for most sysadmins/security people and whatnot, but wasn’t entirely trivial to find using Google.
lkarsten@immer:~$ dig 2.0.0.127.dnsbl.sorbs.net @8.8.8.8 ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> 2.0.0.127.dnsbl.sorbs.net @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55083 ;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;2.0.0.127.dnsbl.sorbs.net. IN A ;; ANSWER SECTION: 2.0.0.127.dnsbl.sorbs.net. 2562 IN A 127.0.0.10 2.0.0.127.dnsbl.sorbs.net. 2562 IN A 127.0.0.5 2.0.0.127.dnsbl.sorbs.net. 2562 IN A 127.0.0.7 2.0.0.127.dnsbl.sorbs.net. 2562 IN A 127.0.0.2 2.0.0.127.dnsbl.sorbs.net. 2562 IN A 127.0.0.3 2.0.0.127.dnsbl.sorbs.net. 2562 IN A 127.0.0.9 2.0.0.127.dnsbl.sorbs.net. 2562 IN A 127.0.0.14 2.0.0.127.dnsbl.sorbs.net. 2562 IN A 127.0.0.4 2.0.0.127.dnsbl.sorbs.net. 2562 IN A 127.0.0.6 2.0.0.127.dnsbl.sorbs.net. 2562 IN A 127.0.0.8 ;; Query time: 17 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Wed Dec 11 14:12:20 2013 ;; MSG SIZE rcvd: 203 lkarsten@immer:~$
Good to be able to actually test your code for hits also.
(this is for libvmod-policy, so you can deny/reject POST/PUT from spammers in Varnish)
Blog of Lasse Karstensen 