[rbldnsd] dsbl dump to bind config

nathan r. hruby rbldnsd@corpit.ru
Fri, 31 Oct 2003 09:51:03 -0500 (EST)


Hi!

We're planning to use list.dsbl.org on one of our primary mail systems.  
To help speed it up we were hoping to locally cache the blacklist in our 
existing nameserver setup.  The last time we looked at dsbl there was a 
bind-style config file, which was great because we could just load it into 
our existing name servers.  Now they use rbldnsd format zone files.  I'm 
trying to use the -d option to rbldnsd to dump the zone into something 
bind can understand.  The command I'm using is this:

rbldnsd -d list.dsbl.org:ip4set:list.dsbl.org-rbldnsd > dsbl-bind

What gets output looks correct, but when I load it into bind-9 it seems to 
reject the zone with the following error:
	named[28411]: zone list.dsbl.org/IN: has no NS records

The header of the dump looks like this:
--- BEGIN
; zone dump made Fri Oct 31 09:06:12 2003
; rbldnsd version 0.99 (16 Sep 2003)
$ORIGIN	list.dsbl.org.
@	600	SOA	a.list.ns.dsbl.org.	admin.dsbl.org.	(1067609106 600 300 86400 600)
$TTL 2048
221.170.2.4	A	127.0.0.2
	TXT	"http://dsbl.org/listing?ip=4.2.170.221"
5.179.2.4	A	127.0.0.2
	TXT	"http://dsbl.org/listing?ip=4.2.179.5"
147.179.2.4	A	127.0.0.2
--- END

Queries to the zone just result in SERVFAIL responses :(  I'm not really 
sure if I'm doing this right, does that command look ok?  Shouldn't this 
work?  Our old reference bind style dsbl list works just happily on other 
DNS servers and the setup is exactly the same, so I'm leaning toward the 
newly dumped zonefile as a culprit.

I know that the recommendation would be to use rbldnsd on localhost:5353
and have a forward entry for bind to point at the local rbldnsd.  I'd like
to not have to do that for simplicity's sake (the other admins would get
confused easily :) and the fact that our other blacklist (spamhaus's SBL)
is currently living in bind and is bind formatted (if there's a way/script
to stick the SBL into rbldnsd, I'd probably be happier to use it then :)  

Also our DNS servers have plenty of horsepower (dual 1.2GHz p3's w/2GB
RAM), just for this sort of thing, so I'm not really worried about wasting
CPU/memory - these machines just run DNS and NTP.

If anyone could shed some light on the dumped zone or how to get SBL into 
rbldnsd I'd appreciate the tips!

Thanks,

-n
-- 
-------------------------------------------
nathan hruby <nhruby@uga.edu>
uga enterprise information technology services
production systems support
metaphysically wrinkle-free
-------------------------------------------
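
An added example (not part of the original post and not rbldnsd's own code): a check for the condition the named error above reports, a zone apex with no NS record, which returns a copy of the dump with NS lines inserted after the apex SOA. The name server ns1.example.net. is a placeholder, and the parser assumes one record per line, as in the quoted dump header.

```python
# Header lines quoted in the post above (tabs written as \t).
DUMP = """\
; rbldnsd version 0.99 (16 Sep 2003)
$ORIGIN\tlist.dsbl.org.
@\t600\tSOA\ta.list.ns.dsbl.org.\tadmin.dsbl.org.\t(1067609106 600 300 86400 600)
$TTL 2048
221.170.2.4\tA\t127.0.0.2
\tTXT\t"http://dsbl.org/listing?ip=4.2.170.221"
""".splitlines()

def parse_records(lines):
    """Yield (line_index, is_apex, rrtype) for every record line."""
    origin = owner = None
    for i, line in enumerate(lines):
        if not line.strip() or line.lstrip().startswith(";"):
            continue                      # blank line or comment
        if line.startswith("$"):          # $ORIGIN / $TTL directives
            parts = line.split()
            if parts[0].upper() == "$ORIGIN" and len(parts) > 1:
                origin = parts[1].lower()
            continue
        fields = line.split()
        if not line[0].isspace():         # leading whitespace = same owner as before
            owner = fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                 # skip optional TTL and class
        if fields:
            apex = owner is not None and (owner == "@" or owner.lower() == origin)
            yield i, apex, fields[0].upper()

def apex_types(lines):
    """Return the set of record types present at the zone apex."""
    return {rrtype for _, apex, rrtype in parse_records(lines) if apex}

def add_apex_ns(lines, nameservers, ttl=600):
    """Return a copy of the zone with NS lines after the apex SOA, if it had none."""
    records = list(parse_records(lines))
    if any(apex and t == "NS" for _, apex, t in records):
        return list(lines)                # already has apex NS: leave untouched
    soa = [i for i, apex, t in records if apex and t == "SOA"]
    if not soa:
        raise ValueError("no apex SOA record found")
    ns_lines = [f"@\t{ttl}\tNS\t{ns}" for ns in nameservers]
    return lines[:soa[0] + 1] + ns_lines + lines[soa[0] + 1:]

if __name__ == "__main__":
    print("apex types before:", sorted(apex_types(DUMP)))
    fixed = add_apex_ns(DUMP, ["ns1.example.net."])   # placeholder name server
    print("apex types after: ", sorted(apex_types(fixed)))
```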