[rbldnsd] Exclusion entry in ip4set not working
Matthew Sullivan
matthew at sorbs.net
Thu Nov 11 00:50:28 MSK 2004
Mark Jones wrote:
>Hello,
>
>I have blended a third-party public RBL list with my own additions and
>exclusions, for my own private use. For now, this is all in one file,
>which is loaded into rbldnsd as ip4set zone "dynamic.bl.netins.net".
>When I start rbldnsd, I get no errors or warnings of problems.
>
>The file includes these lines:
>
>216.51.152.1/32
>216.51.152.2/31
>216.51.152.4/30
>216.51.152.8/29
>216.51.152.33/32
>216.51.152.34/31
>216.51.152.36/30
>216.51.152.40/29
>216.51.152.48/29
>216.51.152.56/30
>216.51.152.60/31
>216.51.152.62/32
>
>and toward the bottom is my own addition, a large exclusion:
>
>!216.51.128.0/17
>
>Shouldn't queries for any IP in 216.51.128.0/17 result in NXDOMAIN? If
>so, that is not happening. For example, 216.51.152.10:
>
>
>
I fell for this as well.....
It has to do with the network sizes. IIRC you have to have an
exclusion that is smaller than or in the same class as the entry(s) causing
the listing...
E.g.: for anything smaller than a /24 the biggest exclusion is /25.
Anything smaller than a /16 and /24 or larger and the exclusion can be
up to /17 etc...
So, no it won't work, I did ask some time ago about this and if rbldnsd
could have a 'super exclusion' which could be used to exclude anything
(ie a whitelist)...
/ Mat
(PS: Michael will probably give you a better explanation of why)
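
As an added example (not part of the original thread and not rbldnsd code), this Python check applies the size rule described in the reply above to ip4set lines and reports exclusions that are too broad to override the listings inside them. The band boundaries are taken from the reply as stated, and the function names are hypothetical.

```python
import ipaddress

# Size bands as described in the reply above: /25-/32, /17-/24, /9-/16, /0-/8.
# Assumption: this models that description only, not rbldnsd's source code.
def band(net):
    return next(b for b in (8, 16, 24, 32) if net.prefixlen <= b)

def parse(lines):
    """Split bare-CIDR ip4set lines into (listings, exclusions)."""
    listings, exclusions = [], []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        token = line.split()[0]
        target = exclusions if token.startswith("!") else listings
        target.append(ipaddress.ip_network(token.lstrip("!"), strict=False))
    return listings, exclusions

def ineffective_exclusions(lines):
    """Return [(exclusion, [listings it cannot override])]."""
    listings, exclusions = parse(lines)
    findings = []
    for excl in exclusions:
        # A listing inside the exclusion but in a more specific band wins.
        missed = [l for l in listings
                  if l.subnet_of(excl) and band(l) > band(excl)]
        if missed:
            findings.append((excl, missed))
    return findings

# Entries quoted in the original post.
POSTED = """216.51.152.1/32
216.51.152.2/31
216.51.152.4/30
216.51.152.8/29
216.51.152.33/32
216.51.152.34/31
216.51.152.36/30
216.51.152.40/29
216.51.152.48/29
216.51.152.56/30
216.51.152.60/31
216.51.152.62/32
!216.51.128.0/17""".splitlines()

if __name__ == "__main__":
    for excl, missed in ineffective_exclusions(POSTED):
        # band - 7 is the largest prefix in the listing's band (/25 or /17).
        print(f"!{excl} cannot override {len(missed)} listing(s), e.g. "
              f"{missed[0]}; use exclusions no larger than /{band(missed[0]) - 7}")
```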