[rbldnsd] queries of non-existent RRs
Michael Tokarev
mjt at tls.msk.ru
Sat Apr 23 00:02:50 MSD 2005
Steven F Siirila wrote:
[]
>>Have you configured SOA in the zone you're using? Without SOA configured,
>>rbldnsd can't answer with NXDOMAIN, so it just REFUSEs the query, and such
>>a reply gets translated into SERVFAIL by your forwarder.
>
> Actually, it doesn't appear that the rsync'd SBL zone has an SOA defined.
> However, the rsync'd SORBS zone does and it has the same problem:
>
> $DATASET ip4set dul safe @
> $SOA 86400 rbldns0.sorbs.net dns.isux.com 0 7200 7200 604800 3600
> $NS 86400 sorbs-sql1.vix.com. rbldns0.sorbs.net. rbldns2.sorbs.net.
> rbldns3.sorbs.net. rbldns4.sorbs.net rbl1.oregonstate.edu.
> rbl2.oregonstate.edu. sorbs.bl.xs4all.nl. rbldns5.sorbs.net.
> rbldns6.sorbs.net.
> :127.0.0.10:Dynamic IP Addresses See:
This zone does not show the behaviour you mentioned (dnsbl.sorbs.net
is running rbldnsd and is loaded with that zone you're rsyncing):
$ dnsget -v -n rbldns0.sorbs.net. 3.2.1.0.dnsbl.sorbs.net.
;; trying 3.2.1.0.dnsbl.sorbs.net.
;; sending 52 bytes query to 203.15.51.34 port 53
;; received 97 bytes response from 203.15.51.34 port 53
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7960, size: 97
;; flags: qr rd aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION (1):
;3.2.1.0.dnsbl.sorbs.net. IN A
;; AUTHORITY section (1):
dnsbl.sorbs.net. 3600 IN SOA rbldns0.sorbs.net. dns.isux.com. 1114198834 7200 7200 604800 3600
Note the NXDOMAIN status. (And note the SOA record - it IS used
in the NXDOMAIN response -- that's why rbldnsd can't return NXDOMAIN
if SOA record isn't present.)
Care to provide similar output from dig as shown when querying your
rbldnsd?
>>Well... it's interesting. Lemme take a more detailed look at this...
Perhaps I should add this issue to the docs and log a warning in rbldnsd
if there's no SOA and NS records configured.
> Can you provide me with a small (< 20 lines) zone which I could load that
> shouldn't have this problem, and I can test against it?
The one from sorbs should work.
/mjt
More information about the rbldnsd
mailing list