[rbldnsd] forwarding?

Chris Gabe chris at borderware.com
Thu Feb 9 17:01:50 MSK 2006


Hoping I understand your topology correctly:

   system 1          system 2
[ SA + bind ] --> [ rbldnsd ]

          |           system 3
           \------> [ DNS server for other domains ]

Considering
[ SA + rbldnsd ] --> [ other DNS ]

rbldnsd does not forward queries.  It has an NS record, but that
doesn't forward; it gets returned in the response and leaves it to
your resolver to recurse.  I may not have the right terminology, but
I've been there; it doesn't do that.  YMMV.
I wouldn't use rbldnsd for general name service in any case; you'll
run into issues with more esoteric DNS queries.  It's not intended
for general DNS, in spite of some bits and pieces that get it halfway
there.

As an alternative, consider a small, efficient DNS resolver/caching
mechanism designed for that purpose.  dnsmasq is a good choice (I've
been there, it *does* do that).  It lets you cache locally, very
efficiently, while still being a full name service.  Just point your
resolver to it and configure it to go to your existing name server for
cache misses.  It will still go off-box for the non-cached DNSBL
queries, but DNSBLs tend to have TTLs of an hour or more, so that's
the exception case (you can even configure it to go direct to rbldnsd
for the DNSBL domains, locally or on another IP, if you prefer).
Actually, I'm surprised you notice bind taking up much, compared to
email scanning, though it certainly is a horse performing a mouse's
task if it's just doing the DNS on the SA system.  bind is overkill
for that, but SA is, like, a brontosaurus in that case.  Assuming
it's opening the email, which is kind of a given, right?

On Feb 9, 2006, at 8:28 AM, Ronan wrote:

> Hi list,
> 	I have been using rbldnsd for about a year now serving the SURBL
> zones for use with SA. It's been great. I am currently using bind as
> a caching NS on the SA machine and was thinking of moving to a more
> high performance cache.
>
> What I'm thinking of, and can't seem to find out from the site, is
> whether rbldnsd could (running on the standard port 53) be used to
> serve the SURBL zones locally and for any other query forward to
> our domain's main NS servers?
>
> Thanks IA
>
> Ronan
> -- 
> Ronan McGlue
> Analyst / Programmer
> CMC Systems Group
>
> Queens University Belfast
> _______________________________________________
> rbldnsd mailing list
> rbldnsd at corpit.ru
> http://www.corpit.ru/mailman/listinfo/rbldnsd

________________________________________________________________________
Chris Gabe                                     Manager, Borderware  
Security Network
Phone: 905-804-1855 x283                        Fax:   905-804-1865
Borderware Technologies Inc.                   http://www.borderware.com
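The dnsmasq arrangement Chris describes above (cache locally, forward to the existing name servers on a miss, and send the DNSBL zones straight to rbldnsd), written out as an added example dnsmasq.conf that is not from the original thread. The addresses, the choice of port 530 for rbldnsd and the SURBL zone name multi.surbl.org are assumptions.

```ini
# Added example dnsmasq.conf (not from the thread). Assumes rbldnsd has been
# moved off port 53 and bound to 127.0.0.1 port 530 (rbldnsd -b 127.0.0.1/530),
# so that dnsmasq can own port 53 on the SpamAssassin box.

# Only answer on the loopback address that SpamAssassin's resolver will use.
listen-address=127.0.0.1
port=53

# Don't read /etc/resolv.conf; upstream servers come only from this file,
# otherwise dnsmasq could end up pointing back at itself once resolv.conf
# names 127.0.0.1.
no-resolv

# Queries for names under the SURBL zone (zone name assumed) go directly to
# the local rbldnsd. dnsmasq picks the most specific matching server= line,
# so this wins over the catch-all servers below for *.multi.surbl.org.
server=/multi.surbl.org/127.0.0.1#530

# Everything else is forwarded to the site's existing name servers
# (placeholder addresses) and the answers are cached locally.
server=192.0.2.53
server=192.0.2.54

# DNSBL answers carry TTLs of an hour or more, so a cache well above the
# default of 150 entries keeps repeat lookups on-box.
cache-size=10000

# Don't forward bare hostnames or reverse lookups for private ranges upstream.
domain-needed
bogus-priv
```

With this in place, /etc/resolv.conf on the SA box points at 127.0.0.1 so every SpamAssassin lookup passes through the cache.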