[rbldnsd] Using rbldnsd to blacklist websites
Michael Tokarev
mjt at tls.msk.ru
Wed Jan 31 09:31:22 MSK 2007
Wayne Sherman wrote:
>>> So, (I know you don't like this) but how can I get rbldnsd to reply with
>>> REFUSE for all domain names it does not have entries for instead of
>>> NXDOMAIN?
>>
>> I think you can hack the code a bit for that, it's not difficult.
>>
>> In rbldnsd_packet.c:replypacket() (which you already tried to alter),
>> call 'refuse(DNS_R_REFUSED)' macro if `found' is zero, right before
>> the "now complete the reply: ..." comment, and probably a bit above
>> it as well, right after "if (qi.qi_dnlab == 0)" test (so that it'll
>> refuse queries to TLDs too).
>
> I inserted the code starting at line 396. Please see attached...
>
> It works for sending back REFUSED if no domain is found and sending
> 127.0.0.2 for BL domains.
>
> I need a little help with the optional reply of NXDOMAIN. It is sending
> NXDOMAIN along with an answer section which BIND just rejects as
> malformed and does the lookup itself. How do I set the answer count to
> 0 and clear out the answer section of the reply packet?

It's right here, a few lines above. See other usage of 'refuse' macro:

  if (!found) {
    pkt->p_cur = pkt->p_sans;        /* reset answer section */
    h[p_ancnt2] = h[p_nscnt2] = 0;   /* clear answer count */
    refuse(DNS_R_REFUSED);
  }

By the way, here's the refuse() macro:

  #define _refuse(code,lab) \
    do { setnonauth(h); h[p_f2] = (code); goto lab; } while(0)
  #define refuse(code) _refuse(code, err_z)

Or, with _refuse expanded:

  #define refuse(code) \
    do { setnonauth(h); h[p_f2] = (code); goto err_z; } while(0)

Where err_z label is like this:

  err_z:
    do_stats(zone->z_stats.q_err += 1; zone->z_stats.b_out += rlen());
    return rlen();

In other words, when you use the refuse() macro, it performs the return
implicitly; no more code after it gets executed. That is to say:
In your

  if (!found) {
    refuse(DNS_R_REFUSED);
    return rlen();
  }

the return can be omitted (doesn't gcc warn you about unreachable code?)

/mjt
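
Added example (not part of the original message and not rbldnsd's own code): a simplified C model of the reply path discussed above, showing that refusing without the reset leaves an answer record and ANCOUNT=1 in an error reply, and that nothing after refuse() runs. The header offsets, the struct, the reply() function and its parameters are assumptions modelled on the standard 12-byte DNS header.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins modelled on the standard 12-byte DNS header;
 * these are assumptions, not rbldnsd's own definitions. */
enum { P_F1 = 2, P_F2 = 3, P_ANCNT2 = 7, P_NSCNT2 = 9, HDRLEN = 12 };
enum { R_REFUSED = 5, AA_BIT = 0x04 };

struct pkt {
  unsigned char buf[64];
  unsigned char *p_sans;   /* start of answer section */
  unsigned char *p_cur;    /* current end of reply */
  int after_refuse_ran;    /* set only if code after refuse() executes */
};

#define refuse(code) \
  do { h[P_F1] &= ~AA_BIT; h[P_F2] = (code); goto err_z; } while (0)

/* Build a reply that already holds one 16-byte answer, then refuse it.
 * reset != 0 applies the fix from the message. Returns the reply length. */
static int reply(struct pkt *pkt, int found, int reset) {
  unsigned char *h = pkt->buf;
  memset(pkt, 0, sizeof *pkt);
  h[P_F1] = 0x80 | AA_BIT;              /* QR + AA */
  pkt->p_sans = h + HDRLEN + 5;          /* constructed 5-byte question */
  pkt->p_cur = pkt->p_sans + 16;         /* constructed answer record */
  h[P_ANCNT2] = 1;
  if (!found) {
    if (reset) {
      pkt->p_cur = pkt->p_sans;          /* drop the answer bytes */
      h[P_ANCNT2] = h[P_NSCNT2] = 0;     /* zero the section counts */
    }
    refuse(R_REFUSED);
    pkt->after_refuse_ran = 1;           /* never reached: refuse() jumps */
  }
  return (int)(pkt->p_cur - h);
err_z:
  return (int)(pkt->p_cur - h);
}

int main(void) {
  struct pkt p;
  int n = reply(&p, 0, 0);
  printf("no reset: len=%d ancount=%d rcode=%d\n", n, p.buf[P_ANCNT2], p.buf[P_F2]);
  n = reply(&p, 0, 1);
  printf("reset:    len=%d ancount=%d rcode=%d\n", n, p.buf[P_ANCNT2], p.buf[P_F2]);
  return 0;
}
```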