[rbldnsd] Multiple Answers only sometimes
Michael Tokarev
mjt at tls.msk.ru
Sun Nov 18 01:16:22 MSK 2007
Manfred Hielder wrote:
> Hello List.
>
> I'm new with rbldnsd and try to realise a zone to find out the
> ASN's/Networks an IP belongs to.
> Why didn't the second query responds both results ?
>
> Testzonefile /usr/local/rbldns/zone/test.loc
> 14.36.116.0/23 <http://14.36.116.0/23> 14.36.116.0/23-1889
> <http://14.36.116.0/23-1889>
Wtf are all those http links?? You'd better get a more descent
mail client... ;)
By the way, please refrain posting in HTML -- at least
when it's definitely not necessary.
> 14.36.116.0/24 <http://14.36.116.0/24> 14.36.116.0/24-1889
> <http://14.36.116.0/24-1889>
> 241.153.0.0/16 <http://241.153.0.0/16> 241.153.0.0/16-995
> <http://241.153.0.0/16-995>
> 241.153.0.0/18 <http://241.153.0.0/18> 241.153.0.0/18-0719
> <http://241.153.0.0/18-0719>
> 241.153.64.0/18 <http://241.153.64.0/18> 241.153.64.0/18-3661
> <http://241.153.64.0/18-3661>
>
> /usr/local/rbldns/rbldnsd -f -u nobody -b 0.0.0.0/53 <http://0.0.0.0/53>
> -w /usr/local/rbldns/zone test.loc:ip4set:test.loc
>
> # dig +short txt 13.116.36.14.test.loc @127.0.0.1 <http://127.0.0.1>
> "14.36.116.0/23-1889 <http://14.36.116.0/23-1889>"
> " 14.36.116.0/24-1889 <http://14.36.116.0/24-1889>"
Those two are in the same octet boundary (/24)
> # dig +short txt 13.110.153.241.test.loc @127.0.0.1 <http://127.0.0.1>
> "241.153.64.0/18-3661 <http://241.153.64.0/18-3661>"
>
> Shouldn't this also respond the 241.153.0.0/16 <http://241.153.0.0/16>
> 241.153.0.0/16-995 <http://241.153.0.0/16-995> Line ?
And those are in different octet boundaries.
Internally, ip4set composed of 4 arrays. Each range with
size /32../25 is added to first array. Each range with
size /24../17 - to second. /16../9 - to 3rd, and /8../1
to 4th. This is in more-or-less natural granularity, because
in DNS IP addresses and ranges are separated by octets
(4 for an address). Rbldnsd searches all the arrays and
stops on first match - usually it's appropriate because
only most specific entry is the most interesting one.
In any way, the behavour is a compromise between correctness
(so to say - remember it has been designed for a very
particular purpose, where "correctness" isn't very
important) and speed and compact data representation.
For things like in your case, more natural representation
is ip4trie - because all entries are CIDRs without fancy
ranges, and there aren't that many of them. For ip4trie,
rbldnsd will ONLY return the most specific entry -- always.
If that's not what's needed, i.e, you really want ALL entries
to be returned instead of only the most specific one, --
with current code it's not possible, but it's trivial to
implement in rbldnsd_ip4trie.c - about 5 lines of code,
in ds_ip4trie_query() routine. The only problem with that
is how to control whenever one wants most specific or all
entries to be returned.
/mjt
More information about the rbldnsd
mailing list