[rbldnsd] Answering NS queries
Michael Tokarev
rbldnsd@corpit.ru
Fri, 28 Mar 2003 20:18:42 +0300
Please excuse me for the long delay.

Dmitry Agaphonov wrote:
> Hello,
>
> I'm trying to set up a list which should run under the following
> conditions:
>
> a) bind is serving mydomain.net zone on ns1/ns2.mydomain.net hosts.
> b) rbldnsd should serve dnsbl.mydomain.net zone on ns.dnsbl.mydomain.net
> host.
> c) Queries to dnsbl.mydomain.net zone should go directly to host
> ns.dnsbl.mydomain.net and not to ns1/ns2 where bind can forward them
> to rbldnsd.
>
> As for my current knowledge of DNS, requesting dnsbl.mydomain.net directly
> from ns.dnsbl.mydomain.net could be set up by delegating the blacklist
> zone in the main mydomain.net zone file:
>
> dnsbl NS ns.dnsbl
> ns.dnsbl A 123.45.67.89
>
> But this way requires rbldnsd to answer NS queries. According to
> documentation, it doesn't. Is it possible to fit the conditions above
> with rbldnsd, or not?

It's in my TODO list to add support for other records to rbldnsd.
In fact, I don't know how it should work in the real DNS world -
rbldnsd was modelled after DJB's rbldns and follows it as much
as possible. Usually, for rbldns-served zones, nameservers are
in different domains - check e.g. list.dsbl.org:

  list.dsbl.org NS a.list.ns.dsbl.org
  list.dsbl.org NS b.list.ns.dsbl.org

This is from a nameserver responsible for dsbl.org. None of
a,b,...list.ns.dsbl.org will answer an NS query. This sounds strange,
and named chokes on this too when one asks for NS records AFTER
it cached those NS records as answered from a.list.ns.dsbl.org.

Proposed variant is to make a rbldnsd zone from SEVERAL data files
of different types:

  zone list.dsbl.org {
    file "list.dsbl.org.ips" type ip4set;
    file "list.dsbl.org.info" type generic;
    ..
  }

where `generic' type is similar to named's zone format (simplified):

  @ NS a.list.ns.dsbl.org
  @ SOA ...
  @ TXT "list.dsbl.org zone"
  about TXT "list.dsbl.org zone"

etc.

Oh, how to find a time for all that!.. :)
/mjt
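
The thread turns on whether the server a DNSBL zone is delegated to answers NS queries for the zone apex. The following is an added example, not part of the original message and not rbldnsd code: it builds a non-recursive NS query and classifies the reply from its 12-byte header only (it does not parse the answer records). The names `build_ns_query`, `classify`, `probe`, `make_reply` and `SAMPLES` are hypothetical, and the sample replies are constructed, not captured from any server.

```python
import socket
import struct

QTYPE_NS, QCLASS_IN = 2, 1

def build_ns_query(zone: str, qid: int = 0x1234) -> bytes:
    """Encode a non-recursive NS query for the zone apex (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)  # RD=0: ask the server itself
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in zone.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_NS, QCLASS_IN)

def classify(query: bytes, response: bytes) -> str:
    """Judge a reply to build_ns_query() from its header fields only."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "mismatch"            # wrong ID, or QR bit clear (not a response)
    rcode = flags & 0x000F
    if rcode != 0:
        return f"rcode-{rcode}"      # e.g. 4 = NOTIMP, 5 = REFUSED
    if ancount == 0:
        return "no-ns-answer"        # NOERROR with an empty answer section
    return "authoritative-ns" if flags & 0x0400 else "non-authoritative-ns"

def probe(server: str, zone: str, timeout: float = 3.0) -> str:
    """Send the query over UDP to one delegated server and classify the reply."""
    query = build_ns_query(zone)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, 53))
            return classify(query, sock.recv(512))
        except socket.timeout:
            return "timeout"

# Constructed replies (header plus echoed question), not captured traffic.
QUERY = build_ns_query("dnsbl.mydomain.net")

def make_reply(flags: int, ancount: int) -> bytes:
    return QUERY[:2] + struct.pack("!HHHHH", flags, 1, ancount, 0, 0) + QUERY[12:]

SAMPLES = {
    "empty": make_reply(0x8400, 0),    # QR+AA, NOERROR, no answer records
    "notimp": make_reply(0x8004, 0),   # QR, RCODE 4
    "answers": make_reply(0x8400, 1),  # QR+AA, one answer record counted
}
```

Run `probe()` against each address listed in the parent zone's delegation; any result other than `authoritative-ns` means resolvers that re-query the child for its NS set will not get one from that server.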