[rbldnsd] managing 'thousands' of zones in RBLDNSd rather than Bind9?
snowcrash+rbldnsd
schneecrash+rbldnsd at gmail.com
Wed Aug 29 03:27:37 MSD 2007
hi michael,
> Well.. it's a good question. And sadly, I don't know an easy answer to it.
(snip)
> you want to "steal" those domains
> inside your network, so that regular DNS queries will be serviced by the
> local nameserver instead of asking regular nameservers authoritative for
> the domain in question.
yes. e.g., navigating in a browser to http://hitbox.com, or whatever,
would be 'redirected' to my local web server's "This Site's Been
Blocked" page.
> This way, you have to tell *NAMED* (which is your primary resolver) to hand
> those domains elsewhere - that's already enough for it to want quite some
> amount of memory.
(snip)
> So the short answer is -- this way, you have to either modify NAMED, or
> place some DNS proxy in front of it, which will filter queries before
> sending them to NAMED. That is, some sort of tweaking is needed on the
> NAMED side or in front of it, not behind it.
Hm. I hadn't thought about a lightweight forwarding proxy in FRONT of
both Bind9 & rbldnsd. Then queries could be passed/forwarded to
either Bind/RBLDNSd as defined in a simple/light table.
In principle, DJBdns would work. But then (a) why would I use Bind9,
and (b) I'd rather not use DJBDNS (yes, I'm aware rbldnsd is 'derived'
from it ...).
Preferable would be a fast, single-function (look-up & forward only!)
filter ... I'll have to dig.
> Oh well.
Thanks for the reply and the ideas!
Cheers.
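
The look-up-and-forward filter discussed in this message, as an added example that is not part of the original post or of rbldnsd or Bind9: it reads the query name from a raw DNS packet and picks an upstream by matching the name and its parent zones against a table. The upstream addresses, ports, zone table and function names are assumptions made for illustration.

```python
import socket
import struct

# Assumed addresses: a block-zone server (e.g. rbldnsd) and the normal resolver (e.g. Bind9).
BLOCK_UPSTREAM = ("127.0.0.1", 5301)
DEFAULT_UPSTREAM = ("127.0.0.1", 5302)
BLOCKED_ZONES = {"hitbox.com", "ads.example"}  # constructed sample table

def parse_qname(packet):
    """Return the lower-cased name from the first question of a DNS query."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("short header or empty question section")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(packet):
            raise ValueError("bad label length (queries carry no compression)")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length

def pick_upstream(qname, blocked=BLOCKED_ZONES):
    """Match on label boundaries so 'nothitbox.com' is not caught by 'hitbox.com'."""
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocked:
            return BLOCK_UPSTREAM
    return DEFAULT_UPSTREAM

def forward(packet, timeout=2.0):
    """Relay one UDP query to the chosen upstream and return its raw answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, pick_upstream(parse_qname(packet)))
        return s.recvfrom(4096)[0]

def build_query(name, qtype=1):
    """Build a constructed sample query (ID 0x1234, RD set, class IN)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)
```

A set lookup per parent zone keeps the cost proportional to the number of labels in the name, not to the number of blocked zones, which is what matters with thousands of entries.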