[rbldnsd] a "bind + rbldns on same machine HOW-TO"?
Amos Jeffries
amos at treenetnz.com
Fri Jul 29 17:21:07 MSD 2005
rbldns at 2005.ebuzz.de wrote:
> Hi all,
>
> Is there a "bind + rbldns on same machine HOW-TO"?
>
> I read this thread:
> http://www.corpit.ru/pipermail/rbldnsd/2005q1/000310.html
> and
> http://www.tqmcube.com/rbldnsd.htm
>
> But it didn't solve my problems.
>
> I want a setup that looks like:
>
> => "bl.example.com" is "parent" zone used for a webpage.
> => "helofaker.bl.example.com" and "ix-list.bl.example.com"
> are rbldns served zones.
> => my rblzones are not restricted to localhost use.
> => bind is authoritative for example.com
>
> What exact changes do I need to make to named.conf?
I have this setup running.
Depending on Bind8/9 and whether you are using views, where you place
these lines will differ. But they go in just like any other zone for the
appropriate views.
My named.conf contains this:
// Master zone for web page and misc stuff
zone "techtheft.info" {
    type master;
    file "/etc/bind/zone/techtheft.info-inet";
};

// RBL sub-domain redirected to rbldnsd
zone "bl.techtheft.info" {
    type forward;
    forward first;
    forwarders {
        127.0.0.2;
    };
};
The 127.0.0.2 is not fixed, but it MUST be the address rbldnsd is
configured to serve on.
In the 'rbldnsd' file configuring rbldnsd set:
RBLDNSD="- -e -v -v $RBLFILES -b127.0.0.2/53 \
    bl.techtheft.info:ip4set:isp.rbldnsd.txt \
    bogon.bl.techtheft.info:ip4set:bogon.rbldnsd.txt \
    source.bl.techtheft.info:ip4set:source.rbldnsd.txt"
The -b parameter MUST match the forwarder address in bind,
and the subzones MUST all be within the zone bind is forwarding.
A zone such as "bl.hello.com:ip4set:buggered.txt" added to the rbldnsd
config will be served by rbldnsd but never asked for by bind under the
above setup.
For more than one base zone (bl.example.com AND bl.somewhereelse.com
being served by the same rbldnsd), bind needs two zones forwarding to the
same rbldnsd. The rbldnsd server can be set up with the two zones as normal.
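The two rules above (the -b address must equal bind's forwarder address, and every rbldnsd zone must sit inside a zone bind forwards) are easy to get wrong when named.conf and the rbldnsd defaults file are edited separately. The following script is an added example, not part of the original post or of the rbldnsd project: it parses a named.conf fragment and a Debian-style /etc/default/rbldnsd RBLDNSD= line (the variable form shown in the reply; other init-script layouts are not handled) and reports any mismatch. The sample configs embedded in it are constructed from the text of the reply, with the stray bl.hello.com zone added to show the "served but never asked for" case. Shell variables such as $RBLFILES are not expanded, so zones hidden in them must be listed explicitly to be checked.

```python
"""Consistency check for a bind -> rbldnsd forwarding setup.

Added example (not from the original post): verifies that
  1. the rbldnsd -b address/port matches bind's forwarders, and
  2. every rbldnsd zone lies inside a zone bind forwards to rbldnsd
     (otherwise rbldnsd serves it but bind never asks for it).
Only the standard library is used.
"""
import re

# Constructed sample: the named.conf fragment from the reply.
NAMED_CONF = '''
// Master zone for web page and misc stuff
zone "techtheft.info" {
    type master;
    file "/etc/bind/zone/techtheft.info-inet";
};
// RBL sub-domain redirected to rbldnsd
zone "bl.techtheft.info" {
    type forward;
    forward first;
    forwarders {
        127.0.0.2;
    };
};
'''

# Constructed sample: the RBLDNSD= line from the reply, plus the
# bl.hello.com zone it mentions as an example of a zone bind never asks for.
RBLDNSD_DEFAULT = r'''
RBLDNSD="- -e -v -v $RBLFILES -b127.0.0.2/53 \
    bl.techtheft.info:ip4set:isp.rbldnsd.txt \
    bogon.bl.techtheft.info:ip4set:bogon.rbldnsd.txt \
    source.bl.techtheft.info:ip4set:source.rbldnsd.txt \
    bl.hello.com:ip4set:buggered.txt"
'''


def _zone_blocks(named_conf):
    """Yield (zone_name, body) for each zone "..." { ... } block, counting
    braces so that nested blocks such as forwarders { ... } stay intact."""
    for m in re.finditer(r'zone\s+"([^"]+)"\s*\{', named_conf):
        depth, i = 1, m.end()
        while i < len(named_conf) and depth:
            depth += {'{': 1, '}': -1}.get(named_conf[i], 0)
            i += 1
        yield m.group(1).lower().rstrip('.'), named_conf[m.end():i - 1]


def forward_zones(named_conf):
    """Map each 'type forward' zone to its forwarders as (address, port)
    tuples; a forwarder without an explicit 'port N' defaults to 53."""
    zones = {}
    for name, body in _zone_blocks(named_conf):
        if not re.search(r'\btype\s+forward\s*;', body):
            continue
        fwd = re.search(r'forwarders\s*\{([^}]*)\}', body)
        entries = []
        for entry in (fwd.group(1).split(';') if fwd else []):
            toks = entry.split()
            if not toks:
                continue
            port = int(toks[toks.index('port') + 1]) if 'port' in toks else 53
            entries.append((toks[0], port))
        zones[name] = entries
    return zones


def rbldnsd_args(default_file):
    """Argument list from the RBLDNSD="..." line, with backslash-newline
    continuations joined the way the shell would join them."""
    m = re.search(r'RBLDNSD="(.*?)"', default_file, re.S)
    if not m:
        raise ValueError('no RBLDNSD= line found')
    return m.group(1).replace('\\\n', ' ').split()


def rbldnsd_listener(args):
    """(address, port) from the -b option, written -bADDR[/PORT] or
    '-b ADDR[/PORT]'; rbldnsd listens on port 53 when no port is given."""
    for i, a in enumerate(args):
        if a.startswith('-b'):
            spec = a[2:] or args[i + 1]
            addr, _, port = spec.partition('/')
            return addr, int(port) if port else 53
    return None, 53


def rbldnsd_zones(args):
    """Zone names from zone:dataset:file arguments, lower-cased.
    Unexpanded shell variables such as $RBLFILES are skipped."""
    return [a.split(':', 1)[0].lower().rstrip('.')
            for a in args if a.count(':') >= 2 and not a.startswith('-')]


def _inside(zone, parent):
    return zone == parent or zone.endswith('.' + parent)


def check_setup(named_conf, default_file):
    """Report forward zones whose forwarders do not include the rbldnsd
    listener, and rbldnsd zones that no forward zone covers."""
    fwd = forward_zones(named_conf)
    args = rbldnsd_args(default_file)
    listener = rbldnsd_listener(args)
    mismatched = {z: a for z, a in fwd.items() if listener not in a}
    unreachable = [z for z in rbldnsd_zones(args)
                   if not any(_inside(z, f) for f in fwd)]
    return {'listener': listener, 'forward_zones': fwd,
            'mismatched': mismatched, 'unreachable': unreachable}


if __name__ == '__main__':
    report = check_setup(NAMED_CONF, RBLDNSD_DEFAULT)
    print('rbldnsd listens on %s port %d' % report['listener'])
    for z, a in report['forward_zones'].items():
        print('bind forwards %s -> %s' % (z, a))
    for z, a in report['mismatched'].items():
        print('ERROR: forwarders for %s are %s, not the rbldnsd -b address' % (z, a))
    for z in report['unreachable']:
        print('WARNING: %s is served by rbldnsd but never forwarded by bind' % z)
```

Run it against the real files by replacing the two sample strings with the contents of named.conf and /etc/default/rbldnsd; with the constructed samples it flags bl.hello.com as unreachable and nothing else, and changing -b to 127.0.0.1 makes bl.techtheft.info show up as mismatched.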
> Do I have to serve my rblzone with $NS?
>
No, but depending on the situation it may be a good idea.
Bind prefers to cache, and continually querying it and getting
redirection is slower than going directly to rbldnsd.
Amos Jeffries
amos at treenetnz.com
021 293 4049
Treehouse Networks Ltd
www.treenetnz.com
--
We are fast approaching the time when "packets from a M$ operating
system" is synonymous with "hostile behavior".