[rbldnsd] forwarding?
Ronan
r.mcglue at qub.ac.uk
Thu Feb 9 17:37:12 MSK 2006
Chris Gabe wrote:
> Hoping I understand your topology correctly:
>
>   system 1              system 2
>   [ SA + bind ]  -->  [ rbldnsd ]
>        |
>        |           system 3
>        \------> [ DNS server for other domains ]
more like

  system 1
  [ SA + bind + rbldnsd ]
       |           system 2
       \------> [ DNS domain cache + server ]

>
> Considering
> [ SA + rbldnsd ] --> [ other DNS ]
>
> rbldnsd does not forward queries. It has an NS record but that doesn't
> forward, it gets returned in the response and leaves it to your resolver
> to recurse. I may not have the right terminology but, I've been there,
> it doesn't do that. YMMV
Pants, yeah, that's what I thought.
> I wouldn't use rbldnsd for general name service in any case, you'll run
> into issues with more esoteric DNS queries. It's not intended for
> general DNS, in spite of some bits and pieces that get it half way there.
>
> As an alternative, consider a small, efficient DNS resolver/caching
> mechanism designed for that purpose. dnsmasq is a good choice (I've
> been there, it *does* do that). It lets you cache locally, very
> efficiently, while still being a full name service.
Yeah, since I've been doing some reading it would appear that this
outperforms bind considerably.
> Just point your
> resolver to it, configure it to go to your existing name server for
> cache misses.
That's exactly what I want to do... currently I'm only running SURBL off
of rbldnsd but I will probably want to include more in the future.
Anything else I just want to offload to our domain DNS's.
> It will still go off-box for the non-cached DNSBL
> queries, but DNSBL's tend to have ttl's of an hour or more, so that's
> the exception case (you can even configure it to go direct to rbldnsd
> for the DNSBL domains, locally or on another ip, if you prefer).
Yeah, we rsync twice hourly currently...
> Actually, I'm surprised you notice bind taking up much,
I'm not sure it is atm, I'm just eliminating any potential bottlenecks
before I make a case for new hardware from the boss! ;) But I do think
the system would benefit from running, say, dnsmasq, djbdns etc.
> compared to
> email scanning, though it certainly is a horse performing a mouse's task
> if it's just doing the DNS on the SA system.
Yes, that's all it's doing currently.
> bind is overkill for that,
> but SA is, like, a brontosaurus in that case.
> Assuming it's opening the
> email, which is kind of a given, right?
??
Ronan
>
> On Feb 9, 2006, at 8:28 AM, Ronan wrote:
>
>> Hi list,
>> I have been using rbldnsd for about a year now serving the SURBL
>> zones for use with SA. It's been great. I am currently using bind as a
>> caching NS on the SA machine and was thinking of moving to a more high
>> performance cache.
>>
>> What I'm thinking of, and can't seem to find out from the site, is
>> whether rbldnsd could (running on standard #53 port) be used to
>> serve the SURBL zones locally and for any other query forward to our
>> domain's main NS servers?
>>
>> Thanks IA
>>
>> Ronan
>> --
>> Ronan McGlue
>> Analyst / Programmer
>> CMC Systems Group
>>
>> Queens University Belfast
>> _______________________________________________
>> rbldnsd mailing list
>> rbldnsd at corpit.ru
>> http://www.corpit.ru/mailman/listinfo/rbldnsd
>
> ________________________________________________________________________
> Chris Gabe Manager, Borderware
> Security Network
> Phone: 905-804-1855 x283 Fax: 905-804-1865
> Borderware Technologies Inc. http://www.borderware.com
>
>
--
Ronan McGlue
Analyst / Programmer
CMC Systems Group
Queens University Belfast
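
The layout discussed in this message (dnsmasq as the local cache, cache misses sent to the existing name server, DNSBL zones sent directly to rbldnsd) could be written as the dnsmasq configuration below. This is an added example, not from either poster; the rbldnsd address and port, the upstream address (a documentation-range placeholder) and the zone name multi.surbl.org are assumptions.

```conf
# /etc/dnsmasq.conf -- added example; addresses and zone name are assumptions.
# The host's /etc/resolv.conf would point at 127.0.0.1 so SA uses this cache.

# Answer only on loopback so the cache is not reachable as an open resolver.
listen-address=127.0.0.1
bind-interfaces

# Ignore /etc/resolv.conf for upstreams; use only the servers listed here.
no-resolv

# Queries for the SURBL zone (and every name beneath it) go straight to the
# local rbldnsd, assumed here to be bound to 127.0.0.1 port 5353 so that
# dnsmasq can own port 53.
server=/multi.surbl.org/127.0.0.1#5353

# Everything else that misses the cache goes to the existing domain name
# server. 192.0.2.53 is a placeholder, not a real server.
server=192.0.2.53

# Raise the cache from dnsmasq's default of 150 names.
cache-size=10000
```

Further DNSBL zones served by rbldnsd each get their own `server=/zone/...` line; names not matched by any such line fall through to the default upstream.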