[rbldnsd] almost got it running but missing a few important lines somewhere

Amos Jeffries amos at treenetnz.com
Thu Sep 22 05:22:36 MSD 2005


Sebastiaan Tigchelaar wrote:
> I found this program via 
> http://www.hansenonline.net/Networking/bind-spam.html after a google.
> I have mandrake 9 with qmail, rblsmptd and BIND 8 running.
> 
> I used the rpm to install but after the standard tweaking I found that 
> the program isn't querying itself but other DNS servers.
> 
> I read in part posts that you have to include an NS record in your 
> zonefiles, but as the noob that I am on this (I didn't even install the 
> machine but I have to take care of it after the person who did left us) 
> I have no idea how to state that.
> I think I have to include it in every IP list/zone that I want to use 
> all I need now is the proper format.
> 
> Thank you for your time.
> 
> Sebastiaan
> Linux no-bee
> 
> 
> DIG results:
> [root at w3 /]# dig 25.202.13.60.clients.blocked.rbl -t txt
> 
> ; <<>> DiG 9.2.2 <<>> 25.202.13.60.clients.blocked.rbl -t txt
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57667
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;25.202.13.60.clients.blocked.rbl. IN   TXT
> 
> ;; AUTHORITY SECTION:
> ..                       10800   IN      SOA     a.public-root.net. 
> hostmaster.public-root.net. 2005092106 43200 3600 1209600 14400
> 
> ;; Query time: 27 msec
> ;; SERVER: 10.2.1.2#53(10.2.1.2)
> ;; WHEN: Wed Sep 21 10:48:10 2005
> ;; MSG SIZE  rcvd: 113
> 
> 
> 
> from /var/lib/rbldns/china, zonefile for china
> :127.0.0.2:DNSBL. $ originates from an area from which we do not accept 
> mail.
> 59.32
> 59.33

To answer your actual question, the format for NS records here is:
$NS ns1.wherever.invalid

It's a good idea to add a default TTL record here too. Depends on your 
zone stability, but set it small during your testing. This _will_ affect 
whether bind is looking in its cache and giving a wrong answer or asking 
rbldnsd.
$TTL 2m

> 59.34
> 59.35
> (many more follow)
> 60.13.200
> 60.13.201
> 60.13.202
> 60.13.203
> 60.13.204
> 60.13.205
> 
> 
> from /etc/sysconfig/rbldnsd
> RBLDNSD="dsbl -r/var/lib/rbldns/ -b 127.0.0.1/530 \
> clients.blocked.rbl:ip4set:clients,china \
> hosts.blocked.rbl:dnset:hosts
> "
> 
> 
> from /etc/named.conf
> options {
> directory "/etc/named.hosts";
> pid-file "/var/run/named/named.pid";
> dump-file "/var/log/named/db.dump";
> statistics-file "/var/log/named/stats.log";
> transfers-in 9999;
> transfer-format many-answers;
> recursion yes;
> forward first;
> forwarders {
> 195.241.49.33;
> 195.241.48.33;
> 10.2.1.2;
> };
> multiple-cnames yes;
> };
> zone "." {
> type hint;
> file "/etc/named.hosts/db.cache";

You might try adding: listen-on { <ip_addr>; <ip_addr>; };
here, to stop bind clashing on the listen port (though at 530 it should 
not occur).

> };
> 
> zone "hosts.blocked.rbl" IN {
> type forward;
> forward first;
> forwards {127.0.0.1 port 530;

 >>>>>> forwarders.

> };
> };
> 
> zone "clients.blocked.rbl" IN {
> type forward;
> forward first;
> forwarders {127.0.0.1 port 530;
> };
> };
> 

If you still have the problem, try a dig trace with and without 
recursion to get a clearer view of what's happening.


Amos Jeffries
amos at treenetnz.com
021 293 4049

Treehouse Networks Ltd
www.treenetnz.com

-- 
We are fast approaching the time when "packets from a M$ operating 
system" is synonymous with "hostile behavior".
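A worked version of the checks suggested in this reply, as an added example that is not part of the thread and not code from rbldnsd or BIND. It assumes the layout in Sebastiaan's configuration (rbldnsd bound to 127.0.0.1 port 530, BIND on the same host forwarding clients.blocked.rbl there); the dataset path, the nameserver name ns1.wherever.invalid and the sample addresses are made up. The script writes a small dataset with the $TTL and $NS lines in front of the entries, builds the reversed lookup name for a client address, and queries rbldnsd directly and then through BIND, printing who answered and the status. The parsers are exercised on a constructed copy of the dig output quoted above; note that its SERVER line is 10.2.1.2#53, one of the configured forwarders, so that query never reached the local BIND and its forward zones at all, and the SOA in the AUTHORITY section is for the root rather than for the DNSBL zone.

```sh
#!/bin/sh
# Added example for this thread (not code from the original posts, rbldnsd or BIND).
# Assumes rbldnsd on 127.0.0.1 port 530 and BIND on 127.0.0.1 port 53 as in the
# quoted configuration. Dataset path, nameserver name and sample IPs are made up.

# Write a minimal ip4set dataset with the two records recommended in the reply
# (a short $TTL while testing and an $NS record) in front of the entries.
write_dataset() {            # $1 = output file
cat > "$1" <<'EOF'
$TTL 2m
$NS ns1.wherever.invalid
:127.0.0.2:DNSBL. $ originates from an area from which we do not accept mail.
59.32
60.13.202
EOF
}

# Turn a client address into the name a DNSBL lookup asks for:
# octets reversed, zone appended (60.13.202.25 -> 25.202.13.60.<zone>).
rbl_name() {                 # $1 = IPv4 address, $2 = DNSBL zone
    printf '%s\n' "$1" |
        awk -F. -v zone="$2" '{ printf "%s.%s.%s.%s.%s\n", $4, $3, $2, $1, zone }'
}

# Pull the pieces of a dig response that say who answered and how.
dig_status() { sed -n 's/.*status: \([A-Z]*\),.*/\1/p'; }      # NOERROR, NXDOMAIN, ...
dig_server() { sed -n 's/^;; SERVER: \([^(]*\)(.*/\1/p'; }     # address#port dig talked to
dig_soa_owner() {            # owner of the SOA in AUTHORITY; "." means the root, not the DNSBL zone
    awk '/^;; AUTHORITY SECTION:/ { s = 1; next } s && $4 == "SOA" { print $1; exit }'
}

# Query rbldnsd directly (no recursion), then through BIND. A listed address
# must give NOERROR both ways, and the SERVER line must be the host under test.
rbl_check() {                # $1 = IPv4 address, $2 = DNSBL zone
    name=$(rbl_name "$1" "$2")
    for target in "@127.0.0.1 -p 530 +norecurse" "@127.0.0.1"; do
        # $target is split on purpose into dig's arguments
        out=$(dig $target "$name" -t txt)
        printf '%s via %s: status=%s soa-owner=%s\n' "$name" \
            "$(printf '%s\n' "$out" | dig_server)" \
            "$(printf '%s\n' "$out" | dig_status)" \
            "$(printf '%s\n' "$out" | dig_soa_owner)"
    done
}

# Constructed dig output modelled on the one quoted in the thread, so the
# parsers can be exercised without a live server.
SAMPLE_DIG='; <<>> DiG 9.2.2 <<>> 25.202.13.60.clients.blocked.rbl -t txt
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57667
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; AUTHORITY SECTION:
.                       10800   IN      SOA     a.public-root.net. hostmaster.public-root.net. 2005092106 43200 3600 1209600 14400

;; SERVER: 10.2.1.2#53(10.2.1.2)'

sample_status()    { printf '%s\n' "$SAMPLE_DIG" | dig_status; }      # NXDOMAIN
sample_server()    { printf '%s\n' "$SAMPLE_DIG" | dig_server; }      # 10.2.1.2#53
sample_soa_owner() { printf '%s\n' "$SAMPLE_DIG" | dig_soa_owner; }   # .

# Usage: sh rblcheck.sh 60.13.202.25 clients.blocked.rbl   (needs dig, rbldnsd and BIND running)
if [ "$#" -eq 2 ]; then
    rbl_check "$1" "$2"
fi
```

If the direct query on port 530 answers NOERROR with the TXT record but the query through BIND returns NXDOMAIN with a root SOA, rbldnsd is fine and the problem is BIND (the forward zone is not being used, or dig is talking to a different server than you think). If the direct query itself fails, look at the dataset and the -b address before touching named.conf.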

