[rbldnsd] Using rbldnsd to blacklist websites
Jon Lewis
jlewis at lewis.org
Sun Jan 28 08:18:24 MSK 2007
On Sat, 27 Jan 2007, Wayne Sherman wrote:
> I just checked the number of entries in the hosts files at these two sites:
>
> http://www.hosts-file.net/
> http://www.mvps.org/winhelp2002/hosts.htm
>
> The first one has about 57769 entries and the second has around 13980. It is
> likely there is a lot of overlap. Since rbldns is designed to efficiently
> handle that many entries, it would have been nice to be able to use it. I
> don't know how bind would do with that.
Hmm, that would be a lot for bind, almost an order of magnitude bigger than
any auth server I've worked on. It seems like what you really want is a
plugin for bind that adds in RHSBL support. That way, you could create a
RHSBL using rbldnsd, and have your bind caching server check that RHSBL
before looking up any zone not in the cache. If the zone is found in the
RHSBL, return NXDOMAIN for all queries.
> I have seen comments that djbdns is faster and more efficient than bind, so I
> think my next step is to try out djbdns. At the present, I don't have time
> for running a performance comparison myself, so I am going off of others'
> comments and testing that can be found around the net. For example:
I think djbdns would at least require you to have 50k or so symlinks (one
for each zone) to the same data file. The other problem is, since djbdns
totally separates caching and auth DNS, you'd have to configure the cache
to forward the zones you want to null to the system running djbdns.
That's twice the config work.
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
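
The hosts-file-to-RHSBL idea discussed in this thread, as an added example that is not part of the original post or of rbldnsd itself: it merges two hosts files (constructed sample data, not the real lists), drops the overlap, and emits rbldnsd `dnset` lines. The `is_listed` helper is hypothetical and only models the resolver-side check the reply describes; it is not an existing bind feature.

```python
"""Added example: merge hosts-file blocklists into one rbldnsd dnset zone."""

# Constructed sample input in hosts-file format (not taken from either site).
HOSTS_A = """\
# sample list A (constructed)
127.0.0.1  localhost
127.0.0.1  ads.example.com
127.0.0.1  Tracker.Example.net   # trailing comment
"""
HOSTS_B = """\
0.0.0.0 ads.example.com
0.0.0.0 bad.example.org.
"""

# Names that hosts files define for the local machine, never block these.
SKIP = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return the set of blocked hostnames named in one hosts file."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        # fields[0] is the sink address; every later field is a hostname.
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name and name not in SKIP:
                names.add(name)
    return names


def build_dnset(*hosts_texts, default="127.0.0.2:Blocked site"):
    """Merge several hosts files, dropping overlap, into dnset lines."""
    merged = set().union(*(parse_hosts(t) for t in hosts_texts))
    # A line starting with ':' sets the default A:TXT value for all entries.
    return [":" + default] + sorted(merged)


def is_listed(qname, listed):
    """Hypothetical resolver-side check: answer NXDOMAIN when this is True.

    True if qname or any parent domain of it is in the listed set.
    """
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in listed for i in range(len(labels)))


if __name__ == "__main__":
    print("\n".join(build_dnset(HOSTS_A, HOSTS_B)))
```

The printed lines can be saved as a data file and loaded by rbldnsd as a `dnset` dataset; plain entries match only the exact name, so the parent-domain walk in `is_listed` is what extends a listing to every name under it.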