[rbldnsd] a "bind + rbldns on same machine HOW-TO"?
Matthew Schlosser
mschlosser at eschelon.com
Fri Jul 29 19:45:06 MSD 2005
We run a similar setup. Rbldnsd runs on 127.0.0.2 and bind forwards queries.
Using bind9 we can restrict access to certain zones if we like.
> -----Original Message-----
> From: rbldnsd-bounces at corpit.ru
> [mailto:rbldnsd-bounces at corpit.ru] On Behalf Of Amos Jeffries
> Sent: Friday, July 29, 2005 8:21 AM
> To: Small Daemon for DNSBLs
> Subject: Re: [rbldnsd] a "bind + rbldns on same machine HOW-TO"?
>
> rbldns at 2005.ebuzz.de wrote:
> > Hi all,
> >
> > Is there a "bind + rbldns on same machine HOW-TO"?
> >
> > I read this thread:
> > http://www.corpit.ru/pipermail/rbldnsd/2005q1/000310.html
> > and
> > http://www.tqmcube.com/rbldnsd.htm
> >
> > But it didn't solve my problems.
> >
> > I want a setup that looks like:
> >
> > => "bl.example.com" is "parent" zone used for a webpage.
> > => "helofaker.bl.example.com" and "ix-list.bl.example.com"
> > are rbldns served zones.
> > => my rblzones are not restricted to localhost use.
> > => bind is authoritative for example.com
> >
> > What exact changes do I need make to named.conf
>
> I have this setup running.
>
> Depending on Bind8/9 and whether you are using views, it will differ
> where you place these lines. But they go in just like any other zone for
> the appropriate views.
>
>
> My named.conf contains this:
>
> // Master zone for web page and misc stuff
> zone "techtheft.info" {
>     type master;
>     file "/etc/bind/zone/techtheft.info-inet";
> };
>
> // RBL sub-domain redirected to rbldnsd
> zone "bl.techtheft.info" {
>     type forward;
>     forward first;
>     forwarders {
>         127.0.0.2;
>     };
> };
>
>
> the 127.0.0.2 is not fixed but it MUST be the address rbldnsd is
> configured to serve on.
>
>
> In the 'rbldnsd' file configuring rbldnsd set:
>
> RBLDNSD="- -e -v -v $RBLFILES -b127.0.0.2/53 \
>     bl.techtheft.info:ip4set:isp.rbldnsd.txt \
>     bogon.bl.techtheft.info:ip4set:bogon.rbldnsd.txt \
>     source.bl.techtheft.info:ip4set:source.rbldnsd.txt"
>
> the -b parameter MUST match the forwarder address in bind.
> and the subzones MUST all be within the zone bind is forwarding.
>
> Adding "bl.hello.com:ip4set:buggered.txt" to the rbldnsd config will be
> served by rbldnsd but not asked for by bind under the above setup.
>
>
> For more than one base zone:
> bl.example.com AND bl.somewhereelse.com being served by the same rbldnsd
>
> bind needs two zones forwarding to the same rbldnsd.
> the rbldnsd server can be setup with the two zones as normal.
>
>
> > Do I have to serve my rblzone with $NS?
> >
>
> No, but depending on the situation it may be a good idea.
> Bind prefers to cache, and continually querying it and getting
> redirection is slower than going directly to rbldnsd.
>
>
> Amos Jeffries
> amos at treenetnz.com
> 021 293 4049
>
> Treehouse Networks Ltd
> www.treenetnz.com
>
> --
> We are fast approaching the time when "packets from a M$ operating
> system" is synonymous with "hostile behavior".
>
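
A consistency check for the two rules stated in the quoted message (the rbldnsd -b address must match a bind forwarder, and every rbldnsd zone must sit inside a zone bind forwards), added here as an example and not code from either poster or from the rbldnsd project. The function names and the sample input are assumptions; the parser handles only simple zone blocks like those shown, without comments containing braces, and only the attached `-baddress/port` form.

```python
import re

# Constructed sample: the thread's config ($RBLFILES omitted) plus the out-of-zone bl.hello.com.
NAMED_CONF = '''
zone "techtheft.info" { type master; file "/etc/bind/zone/techtheft.info-inet"; };
zone "bl.techtheft.info" {
    type forward;
    forward first;
    forwarders { 127.0.0.2; };
};
'''
RBLDNSD_ARGS = ("- -e -v -v -b127.0.0.2/53 bl.techtheft.info:ip4set:isp.rbldnsd.txt "
                "bogon.bl.techtheft.info:ip4set:bogon.rbldnsd.txt "
                "bl.hello.com:ip4set:buggered.txt")

def forward_zones(conf):
    """Map each 'type forward' zone name to its list of forwarder addresses."""
    zones = {}
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):   # walk to the brace closing this zone
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        if re.search(r'\btype\s+forward\s*;', body):
            fwd = re.search(r'forwarders\s*\{([^}]*)\}', body)
            addrs = fwd.group(1).split(";") if fwd else []
            zones[m.group(1).lower()] = [a.strip() for a in addrs if a.strip()]
    return zones

def rbldnsd_config(args):
    """Split an rbldnsd argument string into (bind addresses, served zone names)."""
    toks = args.split()
    binds = [t[2:].split("/")[0] for t in toks if t.startswith("-b") and len(t) > 2]
    served = [t.split(":")[0].lower() for t in toks
              if not t.startswith("-") and t.count(":") >= 2]
    return binds, served

def check(conf, args):
    """Return a list of problems; empty means bind can reach every rbldnsd zone."""
    fzones, (binds, served) = forward_zones(conf), rbldnsd_config(args)
    problems = [f"{z}: forwarders {f} do not include rbldnsd -b address {binds}"
                for z, f in fzones.items() if not set(f) & set(binds)]
    problems += [f"{z}: served by rbldnsd but not inside any forwarded zone"
                 for z in served if not any(z == f or z.endswith("." + f) for f in fzones)]
    return problems

if __name__ == "__main__":
    print("\n".join(check(NAMED_CONF, RBLDNSD_ARGS)) or "OK")
```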