[rbldnsd] $TIMESTAMP - is per dataset expiry possible?
Jon Lewis
jlewis at lewis.org
Thu Apr 27 23:48:22 MSD 2006
On Thu, 27 Apr 2006, Paul McClure wrote:
> Another concept I had thought of was somehow putting entries directly
> into the DNS cache and then allowing the TTL to expire the entries. This
> would eliminate the need to store them in a file at all. No idea how
> this could be done.
That would be interesting. A sort of rbldnsdcache zone which through some
kind of IPC you could do insertions with a TTL...which when expired would
cause the record to be discarded. The downsides to that are,
1) it doesn't exist, so someone has to write code.
2) If/when the system reboots, you lose the cache...unless someone also
codes a facility for rbldnsdcache to dump its cache to disk such that it
can reload the cache on startup.
> Seems like everyone is pointing me away from relying on any kind of
> DNS-based system to expire the records. I still feel DNS is almost a
> natural existing system to leverage off of since expiries are innate to
> DNS.
SQL backend for DNSBL data is something that people have been doing for
"some time". The code to deal with it can be very simple perl scripts
using DBI. It's the sort of thing you could have up and running in an
afternoon, without dealing with any of the complexity of rbldnsd's C
code.
> Having said that, I like your SQL suggestion. It's possible someone else has
> already built something similar.
Not possible. Definite.
For the benefit of anyone wanting to implement this, I'll mention MySQL
has INET_ATON and INET_NTOA, which make it trivial to store the IPs
properly as 32-bit ints, yet still let your code deal with them as
dotted-quads, and not have to muck about in your code with converting
between the formats.
So if you want to insert an IP as int with a timestamp, you can prepare a
statement using values of (INET_ATON(?), NOW()).
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
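
Added example, not part of the original message: a MySQL sketch of the SQL-backed DNSBL described above, storing each IP as a 32-bit integer with a timestamp and expiring rows by age. The table name, column names and the 7-day lifetime are assumptions chosen for illustration.

```sql
-- Hypothetical schema: one row per listed IPv4 address.
CREATE TABLE IF NOT EXISTS dnsbl_entries (
    ip        INT UNSIGNED NOT NULL,   -- IPv4 address as produced by INET_ATON()
    listed_at DATETIME     NOT NULL,   -- when the address was last reported
    PRIMARY KEY (ip),
    KEY idx_listed_at (listed_at)      -- keeps the expiry scan cheap
);

-- Insert or refresh a listing. Run as a prepared statement (for example
-- through DBI) with the dotted quad bound to the placeholder, so the
-- address never gets concatenated into the SQL text.
-- INET_ATON() returns NULL for input it cannot parse, which the NOT NULL
-- column rejects. It does accept short forms such as '127.1', so validate
-- the full a.b.c.d form in the calling code before binding.
INSERT INTO dnsbl_entries (ip, listed_at)
VALUES (INET_ATON(?), NOW())
ON DUPLICATE KEY UPDATE listed_at = NOW();

-- Expire old listings. Run periodically, for example from cron.
-- The 7-day lifetime is an assumed value.
DELETE FROM dnsbl_entries
WHERE listed_at < NOW() - INTERVAL 7 DAY;

-- Export the live listings as dotted quads, one per row, for writing
-- out to whatever data file the DNS server reads. The age filter is
-- repeated here so the export stays correct even if the DELETE job
-- has not run recently.
SELECT INET_NTOA(ip) AS address
FROM dnsbl_entries
WHERE listed_at >= NOW() - INTERVAL 7 DAY
ORDER BY ip;
```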