[rbldnsd] I HATE BIND - please help
Lyle Giese
lyle at lcrcomputer.net
Sun Mar 2 05:24:12 MSK 2008
Chris. wrote:
> On Fri, 29 Feb 2008 09:03:58 -0600, Lyle Giese wrote...
>
> Hello, and thank you for your reply.
>
>
>
>> What you have for information in your zone files is immaterial to what
>> addresses/ports named or rbldnsd bind to. The reference to 127.0.0.2
>> above is in reference to the answer(content of the zone files) rbldnsd
>> will give back when queried and nothing to do with what address/port
>> rbldnsd is listening to. The term 'bind' as a verb references the
>> ability of a process to attach itself to an ip address/port
>> combination. I think part of the problem here is the terminology used
>> here. You may be stating your question in a manner that is confusing
>> as to what your issue is.
>>
>> When you use the -b command line parameter, that binds rbldnsd to an ip
>> address/port combination and has nothing to do with the data it answers
>> for (contents of its zone files). For my inhouse use, I have a zone
>> defined as rbl.lcrcomputer.com and put an ns record in BIND/named's
>> zone files. So my queries for my blacklist would be of the form:
>>
>> dig 2.0.0.127.rbl.lcrcomputer.com
>>
>> or to ask about 209.172.152.2
>>
>> dig 2.152.172.209.rbl.lcrcomputer.com
>>
>> and in my lcrcomputer.com zone file in Bind/named, I have:
>>
>> rbl.lcrcomputer.com. in ns ns1.lcrcomputer.net
>>
>> And in my lcrcomputer.net zone:
>>
>> ns1.lcrcomputer.net in a 209.172.152.4
>>
>> And no it's not accessible via the Internet, it's an internal only
>> service.
>>
>> If 209.172.152.2 is listed in my rbl zone, rbldnsd gives back the
>> answer in the form of an A record giving 127.0.0.1 (or .2 for your
>> zone). If that ip is not listed in your rbl zone, rbldnsd gives back a
>> not found answer.
>>
>>
>> Lyle
>>
>
> For the sake of clarity of my use of terminology; I used the term
> bind in reference to the context it was used in as a reply to one
> of my earlier posts. RBLDNSD does need to bind to 127.0.0.2, and
> 127.0.0.3 long enough to answer requests, as those are the addresses
> defined in its zone files. But enough on that. :)
>
> As to the rest of your informative response; Yes, I understand.
> It is the same for me, except my addresses (the ones RBLDNSD is bound to)
> are Internet routable, and visible to the internet.
>
> performing:
> # dig @my.internet.routable.IP blackhole.nospammers.NET
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25600
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> As does:
> # dig @my.internet.routable.IP 2.0.0.127.blackhole.nospammers.NET
>
> or:
> # dig @my.internet.routable.IP 3.0.0.127.blackhole.nospammers.NET
>
> or:
> # dig @my.internet.routable.IP 209.172.152.4 4.152.172.209.blackhole.nospammers.NET
>
> or:
> # dig @my.internet.routable.IP 209.172.152.4.blackhole.nospammers.NET
>
> The RBLDNSD logs all return:
> 1204196617 111.222.333.444 999.888.777.666.blackhole.nospammers.COM A IN: REFUSED/0/61
>
> or:
> 1204196617 111.222.333.444 999.888.777.666.blackhole.nospammers.COM TXT IN: REFUSED/0/61
>
> depending on what my query was ( in TXT, or in A).
>
>
> Thank you again for taking the time to respond.
>
> --Chris H
>
> FWIW your mail reader largely corrupts the replies, requiring me to strip the message
> to my editor, so that I can reformat it and paste it into my mail reader to respond.
> It appears that it must be an HTML email writer that you use.
>
Do you have an ACL dataset? That appears to be the only way to get a
'refused' in the log files. It would appear that you have accidentally
told RBLDNSD to refuse your own queries via an ACL dataset.
Lyle
P.S. I am using Thunderbird on Linux. It's setup to reply in the same
format as the original. I forced this reply to be plain text however.
This is the first time I have heard that comment about my messages.
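As an added example (not rbldnsd's own code and not part of the thread above), the Python below puts together the two mechanics the exchange turns on: building the reversed-octet query name Lyle describes and interpreting the 127.0.0.x answer, and scanning rbldnsd query-log lines of the shape Chris posted for the REFUSED status that an ACL dataset produces. The log-line layout used here (timestamp, client, qname, qtype, qclass: RCODE/answers/bytes) is inferred from the two lines in the thread and is an assumption about the exact format; the sample log lines, client addresses and zone names are constructed for the example.

```python
"""Helpers for the rbldnsd DNSBL lookups discussed in the thread.

Added example; not rbldnsd code. The log-line layout is taken from the
lines posted in the thread (timestamp client qname qtype qclass:
RCODE/answers/bytes) and is an assumption about the exact format.
"""
import ipaddress
import re
from typing import Dict, Iterable, Optional

# Answers that mean "listed" conventionally live in 127.0.0.0/8 (127.0.0.2 here).
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_qname(ip: str, zone: str) -> str:
    """Build the DNSBL query name: octets reversed, then the zone appended.

    209.172.152.2 in rbl.lcrcomputer.com -> 2.152.172.209.rbl.lcrcomputer.com.
    Raises ValueError for anything that is not one IPv4 address, so a stray
    extra token on the command line is rejected instead of being sent on.
    """
    addr = ipaddress.IPv4Address(ip.strip())
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone.strip('.')}."


def interpret_answer(a_records: Iterable[str]) -> str:
    """Classify the A records that came back from a DNSBL lookup.

    No records (NXDOMAIN) means not listed. Records inside 127.0.0.0/8 mean
    listed. Anything else indicates a broken or hijacked zone (for example a
    resolver that rewrites NXDOMAIN) and must not be treated as a listing.
    """
    records = list(a_records)
    if not records:
        return "not listed"
    bad = [r for r in records if ipaddress.IPv4Address(r) not in LISTED_NET]
    if bad:
        return "invalid: " + ", ".join(bad)
    return "listed: " + ", ".join(records)


# Assumed rbldnsd query-log layout, patterned on the lines in the thread, e.g.
# 1204196617 192.0.2.10 4.152.172.209.blackhole.example A IN: REFUSED/0/61
LOG_RE = re.compile(
    r"^(?P<ts>\d+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>\S+)\s+"
    r"(?P<qclass>\S+):\s+(?P<rcode>[A-Z]+)/(?P<ancount>\d+)/(?P<size>\d+)$"
)


def parse_log_line(line: str) -> Optional[dict]:
    """Parse one query-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = int(rec["ts"])
    rec["ancount"] = int(rec["ancount"])
    rec["size"] = int(rec["size"])
    return rec


def refused_clients(lines: Iterable[str]) -> Dict[str, int]:
    """Count REFUSED responses per client address.

    REFUSED with zero answers is what an ACL dataset hands a client it
    rejects; a client that only ever sees REFUSED is on the wrong side of
    that ACL, which is the diagnosis offered in the thread.
    """
    counts: Dict[str, int] = {}
    for line in lines:
        rec = parse_log_line(line)
        if rec and rec["rcode"] == "REFUSED":
            counts[rec["client"]] = counts.get(rec["client"], 0) + 1
    return counts


# Constructed sample log lines (not real rbldnsd output), patterned on the thread.
SAMPLE_LOG = [
    "1204196617 192.0.2.10 4.152.172.209.blackhole.example A IN: REFUSED/0/61",
    "1204196617 192.0.2.10 4.152.172.209.blackhole.example TXT IN: REFUSED/0/61",
    "1204196620 198.51.100.7 2.0.0.127.blackhole.example A IN: NOERROR/1/77",
    "1204196621 198.51.100.7 9.0.0.10.blackhole.example A IN: NXDOMAIN/0/61",
]

if __name__ == "__main__":
    print(dnsbl_qname("209.172.152.2", "rbl.lcrcomputer.com"))
    print(interpret_answer(["127.0.0.2"]))
    print(refused_clients(SAMPLE_LOG))
```

Run it as-is to see the query name for 209.172.152.2, or feed real query-log lines to refused_clients() to find which client addresses are only ever being refused; if that list is your own resolvers, the ACL dataset is the place to look.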