[rbldnsd] Using rbldnsd to blacklist websites
Michael Tokarev
mjt at tls.msk.ru
Mon Jan 29 00:54:06 MSK 2007
Wayne Sherman wrote:
>>> when bind gets a non-authoritative "empty" answer. Is there an easy way
>>> to make rbldnsd return the empty answer with the AA flag off?
>>
>> Yes - don't fill in NS information, and don't use -a switch.
>> This way (w/o -a), rbldnsd will try to add NS info, but since there's
>> no NS info available, it'll not turn AA bit on. If memory serves me
>> right anyway.
>
> In all my test cases it is setting the AA flag. I tried with "-a" and
> "-A" and with neither. My dataset file is:
So just remove the AA bit in rbldnsd_packet.c:replypacket() ;)
(add setnonauth(h) somewhere)
[]
>> But that doesn't matter - BIND will just forward that "NOERROR + 0 answers"
>> reply back to that client, exactly the same way it does that with AA reply.
/mjt
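To make the flag under discussion concrete, here is an added example (not rbldnsd's code and not part of the original message) showing where the AA bit sits in the 12-byte DNS header, how clearing it changes the wire bytes, and how to recognise the "NOERROR + 0 answers" reply. The function names and the sample header are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN 12
#define DNS_F_QR    0x80  /* header byte 2: QR | Opcode(4) | AA | TC | RD */
#define DNS_F_AA    0x04
#define DNS_RCODE   0x0f  /* header byte 3: RA | Z | AD | CD | RCODE(4) */

/* 1 if AA is set, 0 if clear, -1 if the buffer is shorter than a header. */
int dns_is_auth(const uint8_t *p, size_t len) {
    if (len < DNS_HDR_LEN) return -1;
    return (p[2] & DNS_F_AA) ? 1 : 0;
}

/* Clear AA in place (hypothetical helper). 0 on success, -1 if too short. */
int dns_clear_aa(uint8_t *p, size_t len) {
    if (len < DNS_HDR_LEN) return -1;
    p[2] &= (uint8_t)~DNS_F_AA;
    return 0;
}

/* 1 if this is a response with RCODE 0 (NOERROR) and ANCOUNT 0. */
int dns_is_empty_noerror(const uint8_t *p, size_t len) {
    if (len < DNS_HDR_LEN) return -1;
    if (!(p[2] & DNS_F_QR)) return 0;            /* a query, not a reply */
    unsigned ancount = ((unsigned)p[6] << 8) | p[7];
    return (p[3] & DNS_RCODE) == 0 && ancount == 0;
}

/* Constructed sample: header bytes only, the question section is omitted. */
static const uint8_t sample_reply[DNS_HDR_LEN] = {
    0x12, 0x34,             /* ID */
    0x84, 0x00,             /* QR=1, AA=1, RCODE=0 (NOERROR) */
    0x00, 0x01,             /* QDCOUNT */
    0x00, 0x00,             /* ANCOUNT = 0 */
    0x00, 0x00, 0x00, 0x00  /* NSCOUNT, ARCOUNT */
};

int main(void) {
    uint8_t pkt[DNS_HDR_LEN];
    memcpy(pkt, sample_reply, sizeof pkt);
    printf("before: AA=%d empty=%d\n", dns_is_auth(pkt, sizeof pkt),
           dns_is_empty_noerror(pkt, sizeof pkt));
    dns_clear_aa(pkt, sizeof pkt);
    printf("after:  AA=%d empty=%d flags=0x%02x\n", dns_is_auth(pkt, sizeof pkt),
           dns_is_empty_noerror(pkt, sizeof pkt), pkt[2]);
    return 0;
}
```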