[rbldnsd] How to implement?

Michael Tokarev mjt at corpit.ru
Thu Aug 11 15:46:05 MSD 2005


Chris Knipe wrote:
> Hi all,
> 
> I'm running RBLDNSD, but as of late, I've been starting to get errors....
> 
> Initially, I ran it out of bind, putting in a forwarding zone in bind,
> and forwarding the requests to rbldnsd.  This worked great, but it
> lacked the capability that I could add ACLs to the forwarding zone in
> order to only allow certain hosts to query the RBL.
> 
> Since then, I have moved RBLDNSD to accept queries directly, but now,
> I'm getting SERVFAIL and NXDOMAIN* errors...

In order to diagnose these, you'll need to provide some more
details.  Like, the domain(s) in question (rbldnsd commandline),
the reply (dig) when asking rbldnsd directly, sample data from
rbldnsd files.  Also, pay attention to whether you have proper
$NS lines in your rbldnsd data files.

> I've basically done this:
> IP Config: x.x.x.1 (BIND), x.x.x.2 (RBLDNS)
> 
> In my zone:
> nsA    IN    A    x.x.x.2
> 
> rbldnsd    IN    NS    nsA.mydomain.com
> 
> Then, I firewall incoming packets on x.x.x.2 port 53 (no outgoing
> firewalls).
> 
> A tcpdump shows that SOMETIMES, the queries come in to x.x.x.2, but
> almost always, a NXDOMAIN* or SERVFAIL is returned.
> 
> Can anyone perhaps give me some hints here?

I suspect it's due to the lack of (proper) $NS lines in rbldnsd
files.  Note that w/o NS records, the DNS zone is incomplete, and
bind (which is a DNS server) can't grok it.

> I need to get rbldnsd running again, but I must have ACLs on it to limit
> who can submit queries to it....

Hmm.  Can you perhaps try new 'acl' "dataset" in recent rbldnsd?

/mjt
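
A check for the missing-$NS condition suggested in the reply above, as an added example that is not part of the original message or of rbldnsd itself. It assumes the data-file directive layout `$NS ttl nameserver [nameserver ...]` and `$SOA ttl origin person serial refresh retry expire minttl`; `lint_zone_data`, the sample data and `hostmaster.mydomain.com` are constructed for illustration.

```python
# Added example: lint rbldnsd data-file text for the $SOA/$NS lines that a
# zone delegated from a parent server (BIND in this thread) needs.

def norm(name):
    """Lower-case a DNS name and drop the trailing dot for comparison."""
    return name.rstrip(".").lower()

def lint_zone_data(text, delegated_ns):
    """Return a list of problems found in the data-file text.

    delegated_ns: nameserver names the parent zone delegates to.
    """
    soa_seen = False
    ns_names = set()
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0][0] in "#;":   # blank line or comment
            continue
        if fields[0] == "$SOA":
            soa_seen = True
            if len(fields) != 9:                 # directive + 8 values
                problems.append(f"line {lineno}: $SOA needs 8 values")
        elif fields[0] == "$NS":
            if len(fields) < 3:                  # directive + ttl + name
                problems.append(f"line {lineno}: $NS lists no nameserver")
            # Names prefixed with '-' are treated as disabled and skipped.
            ns_names.update(norm(n) for n in fields[2:] if not n.startswith("-"))
    if not soa_seen:
        problems.append("no $SOA line: zone has no SOA record")
    if not ns_names:
        problems.append("no $NS line: zone has no NS records")
    for ns in delegated_ns:
        if ns_names and norm(ns) not in ns_names:
            problems.append(f"parent delegates to {ns} but $NS does not list it")
    return problems

# Constructed sample data: listing entries only, no zone records.
BROKEN = "# sample list\n127.0.0.2\n10.0.0.0/8\n"
# Constructed sample data: same list with SOA and NS for the delegation above.
FIXED = ("$SOA 3600 nsA.mydomain.com hostmaster.mydomain.com 0 3600 600 432000 3600\n"
         "$NS 3600 nsA.mydomain.com\n"
         "127.0.0.2\n10.0.0.0/8\n")

if __name__ == "__main__":
    for label, data in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_zone_data(data, ["nsA.mydomain.com"]))
```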

