[rbldnsd] I HATE BIND - please help

Chris. cth at fastmail.ca
Fri Feb 29 03:19:45 MSK 2008


On Thu, 28 Feb 2008 17:15:49 -0600, Lyle Giese wrote...
>>> It works for me ... try changing the -b 75.160.109.247/530 in your
>>> rbldnsd_flags to 127.0.0.2.  Better yet change it to 0.0.0.0/530 for
>>> testing.
>>>
---8<---SNIP---8<-----
>>
>> I'm not sure you understood me when I said rbldnsd wouldn't bind to
>> the loopback block. Here's some examples of the output:
>>
>> -b 127.0.0.2/530
>> rbldnsd: unable to bind to 127.0.0.2/530: Can't assign requested address
>>
>> -b 127.0.0.2
>> rbldnsd: unable to bind to 127.0.0.2: Can't assign requested address
>>
>> -b 127.0.0.3/530
>> rbldnsd: unable to bind to 127.0.0.3/530: Can't assign requested address
>>
>> ... and so on.
>> Nothing else is bound to those IP's.
>> So like I said, the only difference between the two is the BIND version -
>> 9.4 vs. 9.3. Which leads me to believe rbldnsd won't/doesn't
>> work the same on newer versions of BIND.
>>
>> Thanks for taking the time to reply.
>>
>> --Chris H
>>
>>   
>>> Cheers,
>>>
>> ds
>>>
---8<--SNIP--8<---
>> _______________________________________________
>> rbldnsd mailing list
>> rbldnsd at corpit.ru
>> http://www.corpit.ru/mailman/listinfo/rbldnsd
>>

> I use BIND and rbldnsd on the same server here.  I have BIND bound to
> 127.0.0.1, 192.168.x.4 and 209.172.152.4.  I have rbldnsd bound to
> 209.172.152.6.  Why do you need rbldnsd bound to the loopback?  And if
> BIND is bound to 127.0.0.1, I can understand why rbldnsd would not bind
> to 127.0.0.x.  I don't remember in this thread if you stated BIND was
> bound to 127.0.0.1 or not.

Indeed. 127.0.0.1 is almost always configured, and bound-to in BIND, as
well as the 127.0.0 block as a zone itself. A difference in the 9.4 version
of the BIND vs. 9.3 is that it comes with a 127.in-addr.arpa zone. Which
greatly enlarges the default "loopback" block from its previous default
127.0.0.0/24. So in answer to your question - yes, I have a "loopback"
zone, and the BIND /is/ using 127.0.0.1 on port 953 (the control zone
for RNDC). The "loopback" zone I defined is a 127.0.0.0/24 (254 IPs)
which has always been more than enough for my needs. As a matter of fact
the only IP strictly defined in it is 1.0.0.127-in-addr.arpa.
Also, as far as the BIND is concerned; the only reference(s) to the
RBLDNSD IPs is the "blackhole" zone defined as follows:

zone "blackhole.nomorespam.COM" {
      type forward;
      forward only;
      forwarders { <internet routable IP> port 530; };
};

No mention of the loopback block here. The place it's used is in
RBLDNSD's zone:

blackhole.nomorespam.COM:ip4tset:clients
:127.0.0.2:REFUSED! Too much abuse from the $ network, goodbye...
111.222.333.444
555.666.777.888
 ...
999.000.111.222

Note the use of 127.0.0.2 above. I use 127.0.0.3 in an ip4set also.
The command line uses: -b <my internet routable IP>/530
I only used any of the "loopback" addresses on the command line to test
for issues with RBLDNSD binding to (using) the IPs I defined in the
zones (ip4tset || ip4set). I had no trouble on a BIND-9.3 server. This
all only became a problem on a BIND-9.4 server. I hope this was clearer.

Thank you for taking the time to respond.

--Chris H



Lyle
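
An added example, not part of the original thread and not rbldnsd code: a small probe that attempts the same kind of bind a -b address/port argument requests and classifies the errno. EADDRNOTAVAIL (the "Can't assign requested address" in the output quoted above) means the address is not configured on any local interface, whereas a conflict with another listener is reported as EADDRINUSE. Port 5300 and the default port 53 for a bare address are assumptions made for the example.

```python
import errno
import socket

# Verdicts for the errno values a failed bind() most often returns.
VERDICTS = {
    errno.EADDRNOTAVAIL: "not-local",  # address not configured on any interface
    errno.EADDRINUSE: "in-use",        # another socket already holds addr:port
    errno.EACCES: "no-permission",     # privileged port (<1024) without root
}


def parse_bind_spec(spec, default_port=53):
    """Split an 'address/port' spec as written after -b in this thread.

    The default port for a bare address is an assumption of this example.
    """
    host, _, port = spec.partition("/")
    return host, int(port) if port else default_port


def classify(err):
    """Map a bind() errno to a short verdict string."""
    return VERDICTS.get(err, "other:" + errno.errorcode.get(err, str(err)))


def probe(spec):
    """Try to bind a UDP socket to spec; return 'ok' or the failure verdict."""
    host, port = parse_bind_spec(spec)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((host, port))
        return "ok"
    except OSError as exc:
        return classify(exc.errno)
    finally:
        sock.close()


if __name__ == "__main__":
    # Constructed test specs; 5300 is an unprivileged stand-in for port 530.
    for spec in ("0.0.0.0/5300", "127.0.0.1/5300",
                 "127.0.0.2/5300", "127.0.0.3/5300"):
        print(spec, "->", probe(spec))
```

A "not-local" verdict for 127.0.0.2 while 127.0.0.1 reports "ok" points at the interface configuration of the host rather than at another daemon holding the address.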