[rbldnsd] I HATE BIND - please help

Amos Jeffries amos at treenet.co.nz
Thu Feb 28 13:38:38 MSK 2008


Chris. wrote:
> Greetings All,
>  I'm certainly not new to BIND (since late '70's, or 80 as I recall). But I /am/
> new to rbldnsd. I have some 50 domains and all the mail associated with them.
> Over the years I've spent quite some time tuning sendmail, and crafting a milter,
> for it, and augment the milter with some well crafted scripts that are committed
> to cron. I'm quite proud of the results. In 3 months I had collected ~80k of
> abusive IP addresses which my milter filters against. Making all SPAM bounce
> during the (E)HELO. whoo hoo! :) /But/ while this is /very/ effective, and has
> returned /zero/ "positives" over 3yrs. running. It /is/ a bit overkill, as I
> believe creating a local BL out of my growing evil IP list would be /far/ more
> efficient. Enter RBLDNSD. :) Well, set to work, trying to figure out how I
> might get it to work in harmony with BIND. But had no luck. Then I happened
> across a tutorial at TQ something (its address is also mentioned in this list).
> Anyway, the tutorial couldn't possibly work for several reasons. But it did
> get my mind in a close enough proximity to get it to work on one of my domains.
> HOWEVER, I just purchased 2 domains I wanted to dedicate to anti-spam, and planned
> to move my working RBLDNSD+BIND config over to them (another server/ boxen).
> WELL, it didn't work. Some specs:
> Original /working/ setup
> 
> server has 2 domains, bind+rbldns run from the /primary/ domain (the one the
> box is known by) Setup:
>  * box is known by NS.DOMAIN-1.TLD
>  * SOA for DOMAIN.TLD and DOMAIN-2.TLD
>  * has 2 IRIP's (internet routable IP's) + loopback (127.0.0.1)
> 
> DOMAIN-1.TLD.ZONE
> $ORIGIN DOMAIN-1.TLD.
> $TTL	1800
> @ IN SOA NS.DOMAIN-1.TLD. root.DOMAIN-1.TLD. (
>     2004091320  ; Serial
>     1800        ; Refresh (update slaves every 30 min.)
>     900         ; Retry (retry failed update in 15 min.)
>     604800      ; Expire (secondary data expires in 7days)
>     86400 )     ; Minimum (dump cache after 24 hrs.)
> 
>     NS NS.DOMAIN-1.TLD.
>     A  I.R.I.P
>     NS blah
>     NS blah.blah
>     ...
> 
> MX   0 MAIL
> MX   99 MAIL2
> 
> NS      A    I.R.I.P
> HINFO   IBM-PC/AT    UNICS/UNIX
> 
> ;other hosts
>     ...
> 
> ; DNSRBL
> rbl    NS    NS
> 
> ;end DOMAIN-1.TLD
> --------------------------
> LOCALHOST.zone has only 127.0.0.1 && AAAA  ::1
> --------------------------
> named.conf:
> zone "DOMAIN-1.TLD" in {
>     type master;
>     file "master/DOMAIN-1.TLD.zone";
>     forwarders {};
>     allow-transfer { <primarys, and secondaries> };
> };
> 
> zone "dnsbl.DOMAIN-1.TLD" {
> 	type forward;
> 	forward only;
> 	forwarders { I.R.I.P port 530; };
> };
> -------------------------------
> RBLDNSD.conf: 2 zones - 1 ip4tset, and 1 ip4set
> runs with:
> rbldnsd_flags:-"-r /usr/local/etc/rbldnsd -f -v -v -c 1m \
> -b 75.160.109.247/530 dnsbl.DOMAIN-1.TLD:ip4tset:clients \
>  dnsbl.DOMAIN-1.TLD:ip4set:hosts
> 
> clients:
> :127.0.0.2:REFUSED! Too much abuse from $, goodbye...
> 1.2.3.4
> 5.6.7.8
>  ...
> 9.0.1.2
> 
> hosts:
> :127.0.0.3:REFUSED! Too much abuse from $, goodbye...
> 9.8.7.6
> 5.4.3.2
>  ...
> 1.0.9.8
> 
> In this setup, everything works /gloriously/.
> 
> But, in my /targeted/ setup, I have tried everything I can possibly imagine.
> Am now pulling my hair out. PLEASE HELP.
> FWIW - in the setup above, replace DOMAIN-1.TLD with a FQDN .com domain.
> 
> Targeted setup:
>  * 2 domains - 1 .COM, 1 .NET
>  * server has 2 I.R.I.P's
>  * server is known by the .COM FQDN
>  * need rbldnsd to serve the .NET domain, directing angry ppl to the .COM
>    web site for directions, and possible white listing.
>  * as above - has 1 nic, second IRIP is aliased off the same nic (worked fine above)
> 
> Can this be done? If so, will someone /please/ provide a recipe?

Just add the .com site to your text in the data files.
ie:

clients:
:127.0.0.2:REFUSED! Go see why at http://example.com/?ip=$
1.2.3.4
5.6.7.8

The .com being setup as you would a normal website. Quite separate from 
the rbldnsd configs.

AYJ
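Added example, not code from this thread or from rbldnsd itself: a small Python model of the ip4set zone discussed above. It shows the two things the setup depends on: the reversed-octet name a mail server queries under the delegated zone for a client IP, and the A/TXT answer rbldnsd builds from the data file, with '$' in the text replaced by the queried address (as in the clients file above). The data file contents, the zone name dnsbl.example.net, the CIDR entry and the per-entry ':A:TXT' override are constructed for the example; longest-prefix precedence is an assumption of this model.

```python
"""Offline model of an rbldnsd ip4set zone (added example, not rbldnsd code).

Models how a mail server forms the DNSBL query name for a client IP and how
the zone answers it from a data file whose ':A:TXT' line carries a '$' that
is replaced by the queried address. The parser assumes the subset of the
ip4set syntax used in the thread (':A:TXT' default line, dotted-quad entries)
plus CIDR entries and per-entry ':A:TXT' overrides.
"""
import ipaddress

# Constructed sample data file in the style of the thread's "clients" file.
CLIENTS_DATA = """\
# constructed sample entries, not a real blocklist
:127.0.0.2:REFUSED! Go see why at http://example.com/?ip=$
1.2.3.4
5.6.7.8
10.20.30.0/24
9.0.1.2:127.0.0.3:Relay abuse, see http://example.com/?ip=$
"""


def parse_ip4set(text):
    """Parse an ip4set-style file into a list of (network, a_value, txt_template).

    A line of the form ':A:TXT' sets the default values for the entries that
    follow it; an entry may carry its own ':A:TXT' override after the address.
    """
    default_a, default_txt = "127.0.0.2", ""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank or comment line
            continue
        if line.startswith(":"):
            _, a_val, txt = line.split(":", 2)  # keeps colons inside the URL
            default_a, default_txt = (a_val or default_a), txt
            continue
        addr, sep, override = line.partition(":")
        a_val, txt = default_a, default_txt
        if sep:  # per-entry override, e.g. '9.0.1.2:127.0.0.3:text'
            ov_a, _, ov_txt = override.partition(":")
            a_val, txt = (ov_a or default_a), ov_txt
        net = ipaddress.ip_network(addr, strict=False)  # bare IP becomes /32
        entries.append((net, a_val, txt))
    # Longest prefix wins when entries overlap (assumption of this model).
    entries.sort(key=lambda e: e[0].prefixlen, reverse=True)
    return entries


def query_name(ip, zone):
    """Return the DNSBL lookup name for ip: octets reversed under the zone."""
    reversed_octets = ".".join(reversed(ip.split(".")))
    return f"{reversed_octets}.{zone.rstrip('.')}."


def lookup(entries, ip):
    """Simulate the zone's answer for a client IP: (A, TXT) or None if unlisted."""
    addr = ipaddress.ip_address(ip)
    for net, a_val, txt in entries:
        if addr in net:
            return a_val, txt.replace("$", ip)  # '$' expands to the queried IP
    return None


def check_client(ip, zone="dnsbl.example.net", data=CLIENTS_DATA):
    """What a milter would see: the name it queries and the answer it gets."""
    return query_name(ip, zone), lookup(parse_ip4set(data), ip)


if __name__ == "__main__":
    for client in ("1.2.3.4", "10.20.30.77", "9.0.1.2", "8.8.8.8"):
        name, answer = check_client(client)
        print(f"{name:32} -> {answer}")
```

Running the script prints one line per constructed client address; an unlisted address (8.8.8.8 here) yields None, which corresponds to an NXDOMAIN answer from the real zone. Pointing the TXT at the .com web site, as suggested above, needs no change on the DNS side: the .NET zone delegation and the data file text are independent.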

