[rbldnsd] Using rbldnsd to blacklist websites
Wayne Sherman
wsherman at gmail.com
Mon Jan 29 00:48:49 MSK 2007
>> when bind gets a non-authoritative "empty" answer. Is there an easy way
>> to make rbldnsd return the empty answer with the AA flag off?
>
> Yes - don't fill in NS information, and don't use -a switch.
> This way (w/o -a), rbldnsd will try to add NS info, but since there's
> no NS info available, it'll not turn AA bit on. If memory serves me
> right anyway.
In all my test cases it is setting the AA flag. I tried with "-a" and
"-A" and with neither. My dataset file is:
@ MX 10 mx.ex.com
My command line is (note that this is preprocessed by the Fedora Core 5
startup script):
RBLDNSD=" \
web-bl -r /var/lib/rbldnsd/web-bl -q -4 -b 127.0.0.1/53 \
ex.com:generic:generic"
> But that doesn't matter - BIND will just forward that "NOERROR + 0 answers"
> reply back to that client, exactly the same way it does that with AA
> reply.
>
> What you need is either a DNS proxy which does this 'blocklisting' stuff,
I haven't found anything yet that does this.
> or that blocklisting implemented inside the resolving nameserver.
That is still an option. I have decided against djbdns for the time
being, but I may try MaraDNS if I get a chance.
Thanks,
Wayne
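As an added example (not from the original thread or from the rbldnsd project), here is a small Python checker that decodes the DNS header flags so the AA bit on an empty "NOERROR + 0 answers" reply can be inspected directly instead of being inferred through BIND; the name under ex.com and the sample reply bytes are constructed, and the UDP helper assumes an rbldnsd bound to 127.0.0.1:53 as in the command line above.

```python
import socket
import struct

# Hypothetical helper, not rbldnsd code: inspects the AA (authoritative answer) bit.

def encode_name(qname):
    """Encode a dotted name in DNS wire format (length-prefixed labels)."""
    labels = [l for l in qname.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qname, qtype=15, txid=0x1234):
    """Minimal DNS query: one question, RD bit clear (qtype 15 = MX, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def parse_header(resp):
    """Decode the 12-byte DNS header; 'aa' is the flag discussed in the thread."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),
        "aa": bool(flags & 0x0400),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def query_aa(server, qname, qtype=15, port=53, timeout=2.0):
    """Send the query over UDP and return the parsed header of the reply."""
    q = build_query(qname, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, port))
        resp, _ = s.recvfrom(4096)
    hdr = parse_header(resp)
    if hdr["id"] != 0x1234 or not hdr["qr"]:
        raise ValueError("reply does not match the query")
    return hdr

# Constructed sample replies (not captured from a real server): the question
# section echoed back, zero answers, NOERROR; one with AA set, one without.
_QUESTION = encode_name("1.0.0.127.ex.com") + struct.pack("!HH", 15, 1)
SAMPLE_EMPTY_AA = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 0, 0, 0) + _QUESTION
SAMPLE_EMPTY_NOAA = struct.pack("!HHHHHH", 0x1234, 0x8000, 1, 0, 0, 0) + _QUESTION

if __name__ == "__main__":
    for name, pkt in (("AA set", SAMPLE_EMPTY_AA), ("AA clear", SAMPLE_EMPTY_NOAA)):
        h = parse_header(pkt)
        print(name, "-> aa=%s ancount=%d rcode=%d" % (h["aa"], h["ancount"], h["rcode"]))
```

A live check against the daemon from the command line above would be `query_aa("127.0.0.1", "1.0.0.127.ex.com")`, which reports whether the empty reply came back with AA on.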