[rbldnsd] I HATE BIND - please help
Chris.
cth at fastmail.ca
Thu Feb 28 14:41:01 MSK 2008
On Thu, 28 Feb 2008 23:38:38 +1300, Amos Jeffries wrote...
> Chris. wrote:
>> Greetings All,
>> I'm certainly not new to BIND (since late '70's, or 80 as I recall).
>> But I /am/ new to rbldnsd. I have some 50 domains and all the mail
>> associated with them. Over the years I've spent quite some time
>> tuning sendmail, crafting a milter for it, and augmenting the
>> milter with some well-crafted scripts that are committed to cron. I'm
>> quite proud of the results. In 3 months I had collected ~80k
>> abusive IP addresses which my milter filters against, making all SPAM
>> bounce during the (E)HELO. whoo hoo! :) /But/ while this is /very/
>> effective, and has returned /zero/ "positives" over 3 yrs. running, it
>> /is/ a bit overkill, as I believe creating a local BL out of my
>> growing evil IP list would be /far/ more efficient. Enter RBLDNSD. :)
>> Well, I set to work trying to figure out how I might get it to work in
>> harmony with BIND, but had no luck. Then I happened across a tutorial
>> at TQ something (its address is also mentioned in this list).
>> Anyway, the tutorial couldn't possibly work for several reasons. But
>> it did get my mind in close enough proximity to get it to work on
>> one of my domains. HOWEVER, I just purchased 2 domains I wanted to
>> dedicate to anti-spam, and planned to move my working RBLDNSD+BIND
>> config over to them (another server/ boxen). WELL, it didn't work.
>> Some specs: Original /working/ setup
>>
>> server has 2 domains, bind+rbldnsd run from the /primary/ domain (the
>> one the box is known by) Setup:
>> * box is known by NS.DOMAIN-1.TLD
>> * SOA for DOMAIN.TLD and DOMAIN-2.TLD
>> * has 2 IRIP's (internet routable IP's) + loopback (127.0.0.1)
>>
>> DOMAIN-1.TLD.ZONE
>> $ORIGIN DOMAIN-1.TLD.
>> $TTL 1800
>> @ IN SOA NS.DOMAIN-1.TLD. root.DOMAIN-1.TLD. (
>> 2004091320 ; Serial
>> 1800 ; Refresh (update slaves every 30 min.)
>> 900 ; Retry (retry failed update in 15 min.)
>> 604800 ; Expire (secondary data expires in 7days)
>> 86400 ) ; Minimum (dump cache after 24 hrs.)
>>
>> NS NS.DOMAIN-1.TLD.
>> A I.R.I.P
>> NS blah
>> NS blah.blah
>> ...
>>
>> MX 0 MAIL
>> MX 99 MAIL2
>>
>> NS A I.R.I.P
>> HINFO IBM-PC/AT UNICS/UNIX
>>
>> ;other hosts
>> ...
>>
>> ; DNSRBL
>> rbl NS NS
>>
>> ;end DOMAIN-1.TLD
>> --------------------------
>> LOCALHOST.zone has only 127.0.0.1 && AAAA ::1
>> --------------------------
>> named.conf:
>> zone "DOMAIN-1.TLD" in {
>> type master;
>> file "master/DOMAIN-1.TLD.zone";
>> forwarders {};
>> allow-transfer { <primarys, and secondaries> };
>> };
>>
>> zone "dnsbl.DOMAIN-1.TLD" {
>> type forward;
>> forward only;
>> forwarders { I.R.I.P port 530; };
>> };
>> -------------------------------
>> RBLDNSD.conf: 2 zones - 1 ip4tset, and 1 ip4set
>> runs with:
>> rbldnsd_flags:-"-r /usr/local/etc/rbldnsd -f -v -v -c 1m \
>> -b 75.160.109.247/530 dnsbl.DOMAIN-1.TLD:ip4tset:clients \
>> dnsbl.DOMAIN-1.TLD:ip4set:hosts
>>
>> clients:
>> :127.0.0.2:REFUSED! Too much abuse from $, goodbye...
>> 1.2.3.4
>> 5.6.7.8
>> ...
>> 9.0.1.2
>>
>> hosts:
>> :127.0.0.3:REFUSED! Too much abuse from $, goodbye...
>> 9.8.7.6
>> 5.4.3.2
>> ...
>> 1.0.9.8
>>
>> In this setup, everything works /gloriously/.
>>
>> But, in my /targeted/ setup, I have tried everything I can possibly
>> imagine. Am now pulling my hair out. PLEASE HELP.
>> FWIW - in the setup above, replace DOMAIN-1.TLD with a FQDN .com
>> domain.
>>
>> Targeted setup:
>> * 2 domains - 1 .COM, 1 .NET
>> * server has 2 I.R.I.P's
>> * server is known by the .COM FQDN
>> * need rbldnsd to serve the .NET domain, directing angry ppl to the
>> .COM web site for directions, and possible white listing.
>> * as above - has 1 nic, second IRIP is aliased off the same nic
>> (worked fine above)
>>
>> Can this be done? If so, will someone /please/ provide a recipe?
>
> Just add the .com site to your text in the data files.
> ie:
>
> clients:
> :127.0.0.2:REFUSED! Go see why at http://example.com/?ip=$
> 1.2.3.4
> 5.6.7.8
>
> The .com being set up as you would a normal website. Quite separate
> from the rbldnsd configs.
>
> AYJ
Hello, and thank you for your reply.
Indeed. That would, of course, send the correct/desired response.
But I'm afraid that's the /least/ of my troubles. :)
Duplicating my previous /working/ setup on the new server /ALWAYS/
results in RBLDNSD replying:
1204196045 <internet IP here> 165.193.171.124.blackhole.nospammers.NET A IN: REFUSED/0/61
Looks as though rbldnsd refuses to bind to any IP's in the loopback
block. It happily binds to the Internet Routable IP/PORT I give it. But
will /not/ use either 127.0.0.2 or 127.0.0.3, which I've assigned to the
two zones. Looks like rbldnsd doesn't work on newer version(s) of BIND.
It worked fine on the patched 9.3. But this is on a 9.4 install. Sigh.
Thank you again for your response.
--Chris H
> _______________________________________________
> rbldnsd mailing list
> rbldnsd at corpit.ru
> http://www.corpit.ru/mailman/listinfo/rbldnsd
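The lookup path this thread is built around, as an added Python model rather than code from rbldnsd or from either poster: the milter reverses the client's octets under the DNSBL zone, and the server answers from an ip4set-style dataset whose `:A.B.C.D:text` default line supplies the A record value and the TXT template (with `$` substituted) returned for listed addresses. Assumptions made here and not on the page: the zone name dnsbl.example.net, a constructed sample dataset, only plain IPs and CIDR entries (rbldnsd accepts more forms), `$` expanded to the queried address, and REFUSED for names outside the served zone.

```python
"""Model of an rbldnsd ip4set-style dataset plus the milter-side DNSBL check.
Added example, not rbldnsd's own parser; see the assumptions in the lead-in."""
import ipaddress

ZONE = "dnsbl.example.net"   # assumed zone name, not one from the thread

# Constructed sample in the layout the thread shows (not real listings).
SAMPLE_DATASET = """\
# ':A:text' sets the A value and TXT template; '$' expands to the address
:127.0.0.2:REFUSED! Too much abuse from $, goodbye...
1.2.3.4
5.6.7.8
203.0.113.0/24
"""


class Dataset:
    def __init__(self):
        self.a_value = "127.0.0.2"   # A record returned for listed addresses
        self.txt_template = ""       # TXT record, '$' replaced at answer time
        self.networks = []           # listed IPv4 networks (/32 for single IPs)


def parse_dataset(text):
    """Parse the subset of ip4set syntax used above: comments, one default
    ':A:text' line, single IPs and CIDR prefixes (rbldnsd accepts more)."""
    ds = Dataset()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith(":"):
            _, a_value, txt = line.split(":", 2)
            if a_value:
                ds.a_value = a_value
            ds.txt_template = txt
            continue
        ds.networks.append(ipaddress.ip_network(line, strict=False))
    return ds


def query_name(client_ip, zone=ZONE):
    """Build the DNSBL query name: octets reversed, zone appended."""
    return ".".join(reversed(client_ip.split("."))) + "." + zone


def answer(ds, qname, zone=ZONE):
    """Return (rcode, A, TXT) as the DNSBL server side would for qname.
    Names outside the served zone get REFUSED (assumption, matching the
    REFUSED the thread's log line shows); unlisted addresses get NXDOMAIN."""
    suffix = "." + zone
    if not qname.lower().endswith(suffix.lower()):
        return ("REFUSED", None, None)
    parts = qname[:-len(suffix)].split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return ("NXDOMAIN", None, None)
    try:
        ip = ipaddress.ip_address(".".join(reversed(parts)))
    except ValueError:
        return ("NXDOMAIN", None, None)
    for net in ds.networks:
        if ip in net:
            return ("NOERROR", ds.a_value, ds.txt_template.replace("$", str(ip)))
    return ("NXDOMAIN", None, None)


def milter_should_reject(ds, client_ip, zone=ZONE):
    """Milter-side decision at (E)HELO time: reject with the TXT text only
    when the lookup returns a positive (NOERROR) answer."""
    rcode, _a, txt = answer(ds, query_name(client_ip, zone), zone)
    if rcode == "NOERROR":
        return True, "554 " + txt
    return False, None


if __name__ == "__main__":
    ds = parse_dataset(SAMPLE_DATASET)
    for ip in ("1.2.3.4", "203.0.113.9", "8.8.8.8"):
        print(ip, query_name(ip), milter_should_reject(ds, ip))
```

A lookup that returns REFUSED rather than NOERROR or NXDOMAIN is a signal the query never reached a server configured for that zone; the milter should treat it as "not listed" rather than as a hit.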