[rbldnsd] Re: rbldnsd new option ?
mjt at tls.msk.ru
Thu Dec 25 03:01:15 MSK 2003
Jean-Eudes ONFRAY wrote:
> Some tools like rblsmtpd only use IP based black list.
> Wouldn't it be nice to have an option to enable rbldnsd
> to check not only the ip provided but also the reverse dns
> Ex: if my zone spam.bl.ex.com contains the following dnset
> and if I check 188.8.131.52.spam.bl.ex.com
> as 184.108.40.206.in-addr.arpa is host-10-0-0-25.spam.net
> it could answer me the A&TXT records
> Maybe I can develop & provide a patch for this.
> Do you think it can be usefull ?
I don't think this is a job for rbldnsd. In order to do what
you described, it should perform reverse DNS lookup which may
require undetermined amount of time to complete. But client
asking for 220.127.116.11.spam.bl.ex.com will not wait - WHILE it
may perform rDNS lookup itself, and in fact most software does.
Also, it isn't clear what to do with failed rDNS lookups.
In short: this is a job for client software. Rbldnsd provides
a "database interface" - usually when you query a database you
don't expect it will perform any extra lookups in addition or
instead of the ones you asked it to perform. It is either
DNSBL (ip4set) or RHSBL (dnset), but not a glue between the two.
Speaking of rblsmtp - it does not support RHSBL. And I think it
should be easy to write e.g. rhsblsmtp (or to modify rblsmtp) to
implement such a functionality. Where, in particular, you will
have to deal with unresolvable rDNS, with temporary DNS errors
etc in appropriate manner, suitable for *this* application.
More information about the rbldnsd