[rbldnsd] I HATE BIND - please help

Chris. cth at fastmail.ca
Fri Mar 7 01:38:54 MSK 2008 

On Thu, 06 Mar 2008 20:33:14 +0300, Michael Tokarev wrote...

> [snip all]

LOL

> 
> Ok.  I tried to read this thread - it turned to be VERY difficult
> as you all did an "excellent" job with quoting so it's nearly
> impossible to find the actual content in every new message.

No comment.

> Ok.
> 
> So far, I can only understand that no matter how rbldnsd is
> configured, it always "REFUSE"s every query out there.

Correct.

> 
> So from now, I suggest to do the following.
> 
> Start from scratch.  Using VERY VERY SIMPLE configuration, like
> this:
> 
> rbldnsd -b 00.000.0000.00000/1053 -l +log bl.test:ip4set:test

I hate to sound "pedantic" but as I understood your intention,
I used: rbldnsd -b 00.000.0000.000/1053 -l +log bl.test:ip4set:test

> 
> -- literally, bl.test - this fake name will not reveal your
> real domain you're hiding so carefully - only use the real
> IP address.
> 
> In file "test", create only single line:
> 
> 127.0.0.2   hello here

Did it.

> 
> now, after starting rbldnsd, query it
> (forget about bind for now).
> 
> dig -p1050 2.0.0.127.bl.test @00.000.0000.000000

Again; being pedantic:
dig -p1053 2.0.0.127.bl.test @00.000.0000.000

Reveals:
; <<>> DiG 9.4.2 <<>> -p1053 2.0.0.127.bl.test @00.000.000.000
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26434
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;2.0.0.127.bl.test.             IN      A

;; ANSWER SECTION:
2.0.0.127.bl.test.      2100    IN      A       127.0.0.2

;; Query time: 69 msec
;; SERVER: 00.000.000.000#1053(00.000.000.000)
;; WHEN: Thu Mar  6 14:24:12 2008
;; MSG SIZE  rcvd: 51

--- note the NOERROR above. :)

and sending:
dig -p1053 2.0.0.127.bl.test @00.000.000.000 -t txt

reveals:
; <<>> DiG 9.4.2 <<>> -p1053 2.0.0.127.bl.test @00.000.000.000 -t txt
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43314
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;2.0.0.127.bl.test.             IN      TXT

;; ANSWER SECTION:
2.0.0.127.bl.test.      2100    IN      TXT     "hello there"

;; Query time: 1 msec
;; SERVER: 00.000.000.000#1053(00.000.000.000)
;; WHEN: Thu Mar  6 14:29:42 2008
;; MSG SIZE  rcvd: 59

--note the NOERROR+"hello there" above. :))

> 
> (please use real syntax, - you're good at this stuff).
> 
> At this point, dig should return the test entry, and
> rbldnsd should log the successeful query.

Yes, as you can see; it did.

> 
> If it will log REFUSED, or anthing else for that matter --
> well, There Is No Magic. - I'd say check your sources,
> compilation options, fire up gdb etc - it's some local
> problem.
> 
> Please do the very simple steps outlined above.  It should
> be simple enough to follow.

As you can see; you were (of course) correct.
I don't know if it's worth noting, but probably is;
the BIND was /not/ running while I performed all this.

Anyway, difficult to say where /exactly/ I should go from
here. But the output above looks promising.

Thank you very much for all your time and consideration.

--Chris H

> 
> /mjt
> _______________________________________________
> rbldnsd mailing list
> rbldnsd at corpit.ru
> http://www.corpit.ru/mailman/listinfo/rbldnsd
_________________________________________________________________
    http://fastmail.ca/ - Fast Secure Web Email for Canadians

More information about the rbldnsd mailing list