[rbldnsd] I HATE BIND - please help
Chris.
cth at fastmail.ca
Thu Feb 28 12:05:18 MSK 2008
Greetings All,
I'm certainly not new to BIND (since the late '70s, or '80 as I recall). But I /am/
new to rbldnsd. I have some 50 domains and all the mail associated with them.
Over the years I've spent quite some time tuning sendmail, and crafting a milter,
for it, and augmented the milter with some well-crafted scripts that are committed
to cron. I'm quite proud of the results. In 3 months I had collected ~80k of
abusive IP addresses which my milter filters against. Making all SPAM bounce
during the (E)HELO. whoo hoo! :) /But/ while this is /very/ effective, and has
returned /zero/ "positives" over 3 yrs. running, it /is/ a bit overkill, as I
believe creating a local BL out of my growing evil IP list would be /far/ more
efficient. Enter RBLDNSS. :) Well, set to work, trying to figure out how I
might get it to work in harmony with BIND. But had no luck. Then I happened
across a tutorial at TQ something (its address is also mentioned in this list).
Anyway, the tutorial couldn't possibly work for several reasons. But it did
get my mind in a close enough proximity to get it to work on one of my domains.
HOWEVER, I just purchased 2 domains I wanted to dedicate to anti-spam, and planned
to move my working RBLDNSD+BIND config over to them (another server/ boxen).
WELL, it didn't work. Some specs:
Original /working/ setup
server has 2 domains, bind+rbldns run from the /primary/ domain (the one the
box is known by) Setup:
* box is known by NS.DOMAIN-1.TLD
* SOA for DOMAIN.TLD and DOMAIN-2.TLD
* has 2 IRIP's (internet routable IP's) + loopback (127.0.0.1)
DOMAIN-1.TLD.ZONE
$ORIGIN DOMAIN-1.TLD.
$TTL 1800
@       IN SOA  NS.DOMAIN-1.TLD. root.DOMAIN-1.TLD. (
                2004091320      ; Serial
                1800            ; Refresh (update slaves every 30 min.)
                900             ; Retry (retry failed update in 15 min.)
                604800          ; Expire (secondary data expires in 7 days)
                86400 )         ; Minimum (dump cache after 24 hrs.)
        NS      NS.DOMAIN-1.TLD.
        A       I.R.I.P
        NS      blah
        NS      blah.blah
        ...
        MX      0 MAIL
        MX      99 MAIL2
NS      A       I.R.I.P
        HINFO   IBM-PC/AT UNICS/UNIX
;other hosts
...
; DNSRBL
rbl     NS      NS
;end DOMAIN-1.TLD
--------------------------
LOCALHOST.zone has only 127.0.0.1 && AAAA ::1
--------------------------
named.conf:
zone "DOMAIN-1.TLD" in {
    type master;
    file "master/DOMAIN-1.TLD.zone";
    forwarders {};
    allow-transfer { <primarys, and secondaries> };
};
zone "dnsbl.DOMAIN-1.TLD" {
    type forward;
    forward only;
    forwarders { I.R.I.P port 530; };
};
-------------------------------
RBLDNSD.conf: 2 zones - 1 ip4tset, and 1 ip4set
runs with:
rbldnsd_flags="-r /usr/local/etc/rbldnsd -f -v -v -c 1m \
    -b 75.160.109.247/530 dnsbl.DOMAIN-1.TLD:ip4tset:clients \
    dnsbl.DOMAIN-1.TLD:ip4set:hosts"
clients:
:127.0.0.2:REFUSED! Too much abuse from $, goodbye...
1.2.3.4
5.6.7.8
...
9.0.1.2
hosts:
:127.0.0.3:REFUSED! Too much abuse from $, goodbye...
9.8.7.6
5.4.3.2
...
1.0.9.8
In this setup, everything works /gloriously/.
But, in my /targeted/ setup, I have tried everything I can possibly imagine.
Am now pulling my hair out. PLEASE HELP.
FWIW - in the setup above, replace DOMAIN-1.TLD with a FQDN .com domain.
Targeted setup:
* 2 domains - 1 .COM, 1 .NET
* server has 2 I.R.I.P's
* server is known by the .COM FQDN
* need rbldnsd to serve the .NET domain, directing angry ppl to the .COM
web site for directions, and possible white listing.
* as above - has 1 nic, second IRIP is aliased off the same nic (worked fine above)
Can this be done? If so, will someone /please/ provide a recipe?
Thank you for all your time and consideration in this matter.
--Chris H
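Added example, not part of Chris's post or of rbldnsd itself: a small Python model of how an rbldnsd ip4set/ip4tset dataset turns an IP into a DNSBL answer. It parses the clients/hosts file syntax shown in the post (a leading `:A:TXT` default line, then one IP or CIDR per line, `$` in the TXT replaced by the queried address), builds the reversed-octet query name a mail server would ask for, and returns the A/TXT pair for a listed address or nothing (NXDOMAIN) for an unlisted one. The dataset contents and the zone name `dnsbl.DOMAIN-1.TLD` are constructed from the post's placeholders; nothing here talks to a real name server.

```python
"""Model of rbldnsd ip4set-style lookups (added example, not rbldnsd code).

Assumptions: datasets below are constructed to mirror the post's clients and
hosts files; the zone name is the post's placeholder dnsbl.DOMAIN-1.TLD.
"""
import ipaddress

ZONE = "dnsbl.DOMAIN-1.TLD"

# Constructed sample datasets in rbldnsd ip4set syntax. The ':A:TXT' line sets
# the default answer for every listed address; '$' in TXT becomes the queried IP.
CLIENTS = """\
:127.0.0.2:REFUSED! Too much abuse from $, goodbye...
1.2.3.4
5.6.7.8
9.0.1.2
"""
HOSTS = """\
:127.0.0.3:REFUSED! Too much abuse from $, goodbye...
9.8.7.6
5.4.3.2
1.0.9.8
"""


def parse_ip4set(text):
    """Return (default_a, default_txt, [networks]) from ip4set-style text."""
    default_a, default_txt = "127.0.0.2", ""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        if line.startswith(":"):  # ':A:TXT' default-value line
            _, a, txt = line.split(":", 2)
            default_a, default_txt = a, txt
            continue
        # A bare IP becomes a /32; a CIDR prefix is kept as a network.
        nets.append(ipaddress.ip_network(line, strict=False))
    return default_a, default_txt, nets


def query_name(ip, zone=ZONE):
    """Build the DNSBL query name: octets reversed, zone appended."""
    octets = str(ipaddress.ip_address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def lookup(ip, datasets):
    """Return every (A, TXT) answer for ip across the datasets on one zone.

    An empty list models NXDOMAIN (address not listed). Several datasets can
    share a zone, as in the post, so all matches are returned.
    """
    addr = ipaddress.ip_address(ip)
    answers = []
    for default_a, default_txt, nets in datasets:
        if any(addr in net for net in nets):
            answers.append((default_a, default_txt.replace("$", str(addr))))
    return answers


DATASETS = [parse_ip4set(CLIENTS), parse_ip4set(HOSTS)]

if __name__ == "__main__":
    for ip in ("1.2.3.4", "9.8.7.6", "8.8.8.8"):
        print(query_name(ip), "->", lookup(ip, DATASETS) or "NXDOMAIN")
```

To check the live daemon from the post's setup rather than the model, the same reversed name can be asked of rbldnsd directly on its port (`dig @I.R.I.P -p 530 4.3.2.1.dnsbl.DOMAIN-1.TLD A`) and then through BIND on port 53; if only the first answers, the BIND forward zone is the part to look at.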