[rbldnsd] Warning: possible danger of using rbldnsd, and upcoming data format change

David Landgren david at landgren.net
Wed Jun 9 20:09:29 MSD 2004 

Michael Tokarev wrote:

>  1) documentation, with examples of the right way

Here's an example lifted from my setup. I've expurgated it a bit so I 
hope it still runs. It assumes rsync to transfer, using an ssh tunnel. 
(I do this so that I only have to open one port on the machine rather 
than two). Feel free to bend this any way you see fit.

On an internal machine I generate a number of data files (2.data 
corresponds to rejections in 127.0.0.2, 3.data corresponds to 127.0.0.3 
etc.etc). These are be send to the dnsbl machine with the following 
shell script:

#! /bin/sh
#
# send-zone-data - send rbldnsd data files to dnsbl host
# Copyright (c) David Landgren 2003

dnsbl_host=ns.example.com
dnsbl_user=dns
dnsbl_dir=dnsbl

md5=/sbin/md5
rsync=/usr/local/bin/rsync
ssh=/usr/bin/ssh

for a in *.data
do
     stem=${a%.data}
     $md5 $stem.data >$stem.md5
     $rsync -az -e "$ssh -l $dnsbl_user" $a $stem.md5 \
         $dnsbl_host:$dnsbl_dir
done

$ssh -l $dnsbl_user $dnsbl_host bin/check-xfer '*.data'
__END__

(My actual script only rsyncs if files have changed since a previous 
run, but that only adds complexity which is not germane to the discussion).

In other words, take each file 2.data, 3.data... and generate its MD5 
sum and store that in 2.md5, 3.md5...

Transfer the .data and .md5 over to the dnsbl host.

After all the files have been transferred, tell the remote machine to 
execute the 'check-xfer' script.

This is as follows:

#! /bin/sh
#
# check-xfer - check that dnsbl files were received correctly
#              and move them into production.
# Copyright (c) David Landgren 2003

cat=/bin/cat
md5=/sbin/md5
mv=/bin/mv
rm=/bin/rm

# working directory
cd /home/dns/dnsbl

for a in $*
do
    stem=${a%.data}
    if [ "$($cat $stem.md5)" = "$($md5 $stem.data)" ]
    then
       # update, rbldnsd will notice them in a moment
       # see /usr/local/etc/rbldnsd.conf for details
       $mv $stem.data $stem.zone
    else
       # bitch about it in the cron
       echo xfer error: sent vs. calculated:
       $cat $stem.md5
       $md5 $stem.data
    fi
done

# cleanup dead xfers
if [ "$(echo *.data)" = "" ]
then
     echo $0: unlinking *.data
     $rm *.data
fi
__END__

IOW, if the sent MD5 file matches the MD5 calculated by the dnsbl host 
then I can safely move the file into production with a rename. rbldnsd 
is configured to look for files with a .zone extension. It doesn't know 
anything about .md5 or .data files sitting in the directory.

After the files have been renamed, any remaining .data files must be the 
result of failed transfers and are unlinked.

David

More information about the rbldnsd mailing list