[rbldnsd] rbldnsd and blackholes.us
Vlad Z
vz at B3.ca
Sat Oct 8 00:53:13 MSD 2005
Hmmm, I wish I could explain how...
Here's my test for 195.2.96.244 <http://195.2.96.244>:
=========================================================
[root at squirrel rbldns]# dig @localhost 244.96.2.195.countries.blocked.rbl a
; <<>> DiG 9.2.4 <<>> @localhost 244.96.2.195.countries.blocked.rbl a
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46726
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;244.96.2.195.countries.blocked.rbl. IN A
;; ANSWER SECTION:
244.96.2.195.countries.blocked.rbl. 2100 IN A 127.4.2.8 <http://127.4.2.8>
;; AUTHORITY SECTION:
countries.blocked.rbl. 3000 IN NS dspam.XXXXXX.ca <http://dspam.XXXXXX.ca>.
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Fri Oct 7 14:11:15 2005
;; MSG SIZE rcvd: 97
=========================================================
as well as
[root at squirrel rbldns]# dig @localhost 244.96.2.195.lv.countries.blocked.rbla
; <<>> DiG 9.2.4 <<>> @localhost 244.96.2.195.lv.countries.blocked.rbl a
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8744
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;244.96.2.195.lv.countries.blocked.rbl. IN A
;; ANSWER SECTION:
244.96.2.195.lv.countries.blocked.rbl. 2100 IN A 127.4.2.8<http://127.4.2.8>
;; AUTHORITY SECTION:
countries.blocked.rbl. 3000 IN NS dspam.XXXXXXX.ca <http://dspam.XXXXXXX.ca>
..
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Fri Oct 7 14:15:50 2005
;; MSG SIZE rcvd: 100
=========================================================
however
[root at squirrel rbldns]# dig @localhost 244.96.2.195.ca.countries.blocked.rbla
; <<>> DiG 9.2.4 <<>> @localhost 244.96.2.195.ca.countries.blocked.rbl a
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10010
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;244.96.2.195.ca.countries.blocked.rbl. IN A
;; AUTHORITY SECTION:
countries.blocked.rbl. 300 IN SOA dspam.XXXXXXX.ca <http://dspam.XXXXXXX.ca>.
hostmaster.dspam.XXXXXXX.ca <http://hostmaster.dspam.XXXXXXX.ca>. 1128631361
600 300 86400 300
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Fri Oct 7 14:17:44 2005
;; MSG SIZE rcvd: 117
=========================================================
[root at squirrel rbldns]# cat logfile
1128715849 127.0.0.1 <http://127.0.0.1> 244.96.2.195.countries.blocked.rbl A
IN: NOERROR/1/97
1128715875 127.0.0.1 <http://127.0.0.1> 244.96.2.195.countries.blocked.rbl A
IN: NOERROR/1/97
1128716150 127.0.0.1 <http://127.0.0.1>
244.96.2.195.lv.countries.blocked.rbl A IN: NOERROR/1/100
1128716264 127.0.0.1 <http://127.0.0.1>
244.96.2.195.ca.countries.blocked.rbl A IN: NXDOMAIN/0/117
Again,
[root at squirrel rbldns]# tail -3 /etc/sysconfig/rbldnsd
RBLDNSD="- -r/var/lib/rbldns -b127.0.0.1 -l +logfile \
countries.blocked.rbl:combined:meta,countries.rbl \
"
and
[root at squirrel rbldns]# cat meta
$NS 3000 dspam.XXXXXXX.ca <http://dspam.XXXXXXX.ca>
dspam.XXXXXXXX.ca<http://dspam.XXXXXXXX.ca>
On 10/7/05, Michael Tokarev <mjt at tls.msk.ru> wrote:
>
> Vlad Z wrote:
> > Michael,
> > thank you for your suggestions, my rbldnsd works fine now, effectively
> > blacklisting the entire world.
>
> Care to explain how?
> The file, http://blackholes.us/zones/countries/countries.rbl, lists
> each country in a separate subzone named after the TLD of that country.
> So you either removed all the subzone definitions from it, placing
> all ranges into the same level, or specified all subzones in turn
> in your MTA configuration, or there's some bug somewhere.
>
> > My next challenge is to exclude US and Canada from the list. Is there a
> > way to avoid manual editing of countries.rbl and somehow override the
> > configuration, excluding 2 zones from the file?
>
> It depends on the answer to the above question.
>
> /mjt
> _______________________________________________
> rbldnsd mailing list
> rbldnsd at corpit.ru
> http://www.corpit.ru/mailman/listinfo/rbldnsd
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.corpit.ru/pipermail/rbldnsd/attachments/20051007/a49cc923/attachment.html
More information about the rbldnsd
mailing list