[rbldnsd] Using rbldnsd to blacklist websites
Michael Tokarev
mjt at tls.msk.ru
Wed Jan 31 09:33:40 MSK 2007
Wayne Sherman wrote:
>>> So, (I know you don't like this) but how can I get rbldnsd to reply with
>>> REFUSE for all domain names it does not have entries for instead of
>>> NXDOMAIN?
>>
>> I think you can hack the code a bit for that, it's not difficult.
>>
>> In rbldnsd_packet.c:replypacket() (which you already tried to alter),
>> call 'refuse(DNS_R_REFUSED)' macro if `found' is zero, right before
>> the "now complete the reply: ..." comment, and probably a bit above
>> it as well, right after "if (qi.qi_dnlab == 0)" test (so that it'll
>> refuse queries to TLDs too).
>
> I inserted the code starting at line 396. Please see attached...
>
> It works for sending back REFUSED if no domain is found and sending
> 127.0.0.2 for BL domains.

One more comment. I guess you'd want to REFUSE the query to the base DN
right away. Here:

  if (qi.qi_dnlab == 0) { /* query to base zone: SOA and NS */
    refuse(DNS_R_REFUSED);   <== this place
    ...
  }

without all the other stuff in this if() statement.

/mjt
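
The reply policy discussed in this thread (REFUSED for the base zone and for unlisted names, a normal answer for listed ones), as an added stand-alone sketch that is not part of the original message and is not rbldnsd code. The zone name, the listed names and both function names are assumptions made up for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>

enum { RCODE_NOERROR = 0, RCODE_NXDOMAIN = 3, RCODE_REFUSED = 5 };

/* Constructed sample data, not taken from any real list. */
static const char BASE_ZONE[] = "bl.example";
static const char *const LISTED[] = { "bad.example.net", "ads.example.org" };

/* Decide the RCODE for a query name given in dotted text form.
 * Listed name under the base zone -> NOERROR (caller adds A 127.0.0.2);
 * the base zone itself, unlisted names and foreign names -> REFUSED. */
int decide_rcode(const char *qname)
{
    size_t qlen = strlen(qname), zlen = sizeof BASE_ZONE - 1;

    /* Query for the base zone itself: refuse right away. */
    if (strcasecmp(qname, BASE_ZONE) == 0)
        return RCODE_REFUSED;
    /* The name must end in ".<BASE_ZONE>" to be inside the zone at all. */
    if (qlen <= zlen + 1 || qname[qlen - zlen - 1] != '.' ||
        strcasecmp(qname + qlen - zlen, BASE_ZONE) != 0)
        return RCODE_REFUSED;

    size_t plen = qlen - zlen - 1;   /* length of the part left of the zone */
    for (size_t i = 0; i < sizeof LISTED / sizeof LISTED[0]; i++)
        if (strlen(LISTED[i]) == plen &&
            strncasecmp(qname, LISTED[i], plen) == 0)
            return RCODE_NOERROR;
    return RCODE_REFUSED;            /* unmodified server: RCODE_NXDOMAIN */
}

/* Turn a 12-byte DNS query header into a reply header carrying `rcode`. */
void set_reply_header(uint8_t hdr[12], int rcode)
{
    hdr[2] |= 0x80;                  /* QR = 1: this is a response */
    hdr[3] = (uint8_t)((hdr[3] & 0xF0) | (rcode & 0x0F)); /* low nibble */
    if (rcode != RCODE_NOERROR)
        memset(hdr + 6, 0, 6);       /* ANCOUNT, NSCOUNT, ARCOUNT = 0 */
}
```
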