[rbldnsd] Annonuce: rbldnsd-0.993 is out
Michael Tokarev
mjt at tls.msk.ru
Thu Jul 1 21:23:31 MSD 2004
Version 0.993 of rbldnsd, a nameserver for DNSBLs, is out.
This version introduces several safety measures to work around
various possible usage problems like incomplete data transfers,
reading data files at the same time as they're being written,
typos in data files and the like. Now it is more difficult to
specify an invalid (incomplete, mistyped etc) entry that may
result in a too wide listing.
In addition, this version fixes several more minor bugs (bugs?
which bugs?), and have much improved manual page, which, among
other things, now demonstrates several "good usage practice"
examples too.
There is no need to upgrade (as in: no critical bugs where
found), but it is recommended to upgrade if you're pulling
data from remote site, and are doing it incorrectly... At
least, please read the USAGE section in the manpage (also
available at http://www.corpit.ru/mjt/rbldnsd/rbldnsd.8.html)
and check whenever you're doing the Right Thing (tm).
Please note that this version introduces an incompatibility
in IPv4 address parser, namely, bare numbers aren't treated
as valid /8 prefix anymore. Hopefully, this change will not
affect anyone, but rbldnsd is much safer this way.
User-visible changes since 0.992 are below (also included
in NEWS file in the tarball, and are available online at
http://www.corpit.ru/mjt/rbldnsd/NEWS), and the detailed
changelog is at http://www.corpit.ru/mjt/rbldnsd/changes.
Rbldnsd homepage is at http://www.corpit.ru/mjt/rbldnsd.html.
Enjoy.
/mjt
User-visible changes since 0.992 release:
0.993 (01 Jul 2004)
- bugfix: fix 0.0.0.0 A value being used instead
of the specified real IP address in a case like
":127.0.0.2" (use specific A and default TXT)
- feature: allow (optional) names for subdatasets
in combined dataset, for better logging. Specify
:name after dataset type in $DATASET line, like
$DATASET ip4set:http proxies @
$DATASET ip4set:relays relays @
- feature, safety: implement and enforce $MAXRANGE4
special like this:
$MAXRANGE /24
$MAXRANGE 256
the maximum "size" of a single entry, in number
of IPv4 addresses it covers. If an entry covers
more addresses, it is ignored (and warning is
logged). The constraint may be decreased by the
following $MAXRANGE special, but can not be
increased. Global per dataset.
- feature, safety: ignore incomplete last lines
(lines w/o end-of-line terminator) in data
files (to prevent mis-interpreting of incomplete
data)
- feature, safety: check for data file changes during
reloads (while reading data), and abort loading
(and mark all zones to return SERVFAIL until next
reload) if a change is detected.
- safety: do not treat bare numbers as /8 ranges.
10 -- wrong from now on
10/8 -- ok
10-11 -- ok
- safety: require equal number of octets for x-y
style ranges:
1.2.3-2.3.4.5 -- wrong
1.2.3.0-2.3.4.5 -- ok
1.2.3.4-2.3.4 -- wrong
1.2.3.4-2.3.4.5 -- ok
and the "repeat-last-octet" variant is still
ok too, obviously:
1.2-3 -- ok
1.2.3-4 -- ok
1.2.3.4-5 -- ok
- safety: only accept complete, 4-octet IPv4
addresses in ip4tset, do not allow weird stuff
like inet_aton() allows:
10 = 0.0.0.10 -- wrong
10.1 = 10.0.0.1 -- wrong
- bugfix: several more small fixes for IP4 address
parser
- refine logging a bit, make it less verbose
(esp. when logging problems)
- bugfix: query logging (-l) with background
reloading: the file was not flushed properly
(resulted in double logging)
- bugfix: dump (-d) of MX record (generic dataset)
was incorrect
- bugfix: wrong subzone in $ORIGIN when dumping (-d)
combined dataset
- bugfix: incorect (opposite) evaluation of maxttl
More information about the rbldnsd
mailing list