[rbldnsd] rbldnsd and blackholes.us

Michael Tokarev mjt at tls.msk.ru
Thu Oct 6 23:38:08 MSD 2005


vz at B3.ca wrote:
> Hello,
> I'm trying to set up rbldnsd using the blackhole.us zone file from
> http://blackholes.us/zones/countries/countries.rbl
> My server runs RHEL3 and I used rbldnsd-0.995-1.i386.rpm from Fedora.
> When I start rbldnsd using the following command 
> 
> # rbldnsd -n -r/var/lib/rbldns -b127.0.0.1 -l logfile
> countries.blocked.rbl:ip4set:countries.rbl.bak
> 
> I get the following messages:
> rbldnsd: listening on 127.0.0.1/53
> rbldnsd: file countries.rbl.bak(4): invalid or unrecognized special entry

....
[]
> # head -11 countries.rbl.bak
> $SOA 3000 ns1.blackholes.us hostmaster.blackholes.us 0 600 300 86400 300
> $NS 3000 ns1.blackholes.us
> 
> $DATASET ip4set @

This is for 'combined' dataset type, not for ip4set you're
trying to use it with.  Combined dataset is a 'container'
for other usual datasets.  Read the manpage for more details.
It'd be nice to have some comment(s) on the top of the data
files mentioning the format/type...

BTW, I don't recommend this way/sort of data distribution.
Since you're loading/using this data in your environment,
with your local base zone name and your nameserver(s),
it's wrong to list their nameservers in the data files.
I suggest you add yet another file for the dataset,
where you list your own rbldnsd hostname in a form of
$NS record as above:

  ... countries.blocked.rbl:combined:meta,countries.rbl.bak

where file 'meta' contains just one line:

  $NS 3000 your.rbldnsd.name your.rbldnsd.name

(yes, repeat it two times, it's a temporary hack to work
around that "NS compatibility mode" which will be removed
for version 1.0...)

> 127.0.0.2:127.0.0.2:countries.blackholes.us
> 
> $DATASET generic @
> @ TXT "See http://blackholes.us/"
> @ A 216.243.118.34

I'd suggest to blackholes.us maintainer(s) to move the above
section to a separate small file, together with $NS record(s),
so that the data files will not contain any "site-specific"
information and will be easily overwritable locally.

> $DATASET ip4set af
> =====================================
> 
> Is the file I get from blackholes.us not in rbldns format?
> Any help is greatly appreciated.
> 
> My second problem is that the logfile, which I expect to be in /var/lib/rbldns
> directory is empty, nothing is being written to it.

What does rbldnsd say during startup or when you send SIGHUP to
it, in syslog?  I bet it's saying it can't open the logfile due
to permission problem.  For that to work, you have to create
the file 'logfile' and allow write access to it for the daemon
(probably chown'ing it).

Also, the directory can't be empty - since your data file(s)
are here (or else rbldnsd will be unable to open them and hence
will not produce the above warnings).

/mjt
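
The check described in the reply above, as an added example that is not part of the original message or of rbldnsd: it tests whether a data file carries `$DATASET` directives (and so must be loaded as `combined`, not `ip4set`), writes the local `meta` file with your own `$NS` record, and prints the resulting zone spec. The function names and the temporary directory are assumptions; the sample file is constructed from the lines quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names, the temp
# directory and the nameserver name are constructed placeholders.

# Print "combined" when the data file carries $DATASET directives (the
# container format), otherwise print the fallback type given as $2.
rbl_dataset_type() {
    if grep -q '^\$DATASET[[:space:]]' "$1"; then
        echo combined
    else
        echo "$2"
    fi
}

# List the sub-datasets declared in a combined file as "type name" pairs.
rbl_subdatasets() {
    awk '$1 == "$DATASET" { print $2, $3 }' "$1"
}

# Write the local 'meta' file with our own $NS record (name given twice, as
# the reply describes) and print the zone spec to pass to rbldnsd.
rbl_zone_spec() {
    zone=$1 ns=$2 dir=$3 data=$4
    dstype=$(rbl_dataset_type "$dir/$data" ip4set)
    printf '$NS 3000 %s %s\n' "$ns" "$ns" > "$dir/meta"
    echo "$zone:$dstype:meta,$data"
}

# Constructed sample, modelled on the head of the file quoted in the thread.
demo_dir=$(mktemp -d)
cat > "$demo_dir/countries.rbl.bak" <<'EOF'
$SOA 3000 ns1.blackholes.us hostmaster.blackholes.us 0 600 300 86400 300
$NS 3000 ns1.blackholes.us

$DATASET ip4set @
127.0.0.2:127.0.0.2:countries.blackholes.us

$DATASET generic @
@ TXT "See http://blackholes.us/"
@ A 216.243.118.34

$DATASET ip4set af
EOF
rbl_subdatasets "$demo_dir/countries.rbl.bak"
# prints: countries.blocked.rbl:combined:meta,countries.rbl.bak
rbl_zone_spec countries.blocked.rbl your.rbldnsd.name "$demo_dir" countries.rbl.bak
```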

