[rbldnsd] I HATE BIND - please help

Chris. cth at fastmail.ca
Fri Mar 7 02:42:53 MSK 2008


On Thu, 6 Mar 2008 22:38:54 +0000 (UTC), Chris. wrote...

> On Thu, 06 Mar 2008 20:33:14 +0300, Michael Tokarev wrote...
> 
>> [snip all]
> 
> LOL
> 
>> 
>> Ok.  I tried to read this thread - it turned out to be VERY difficult
>> as you all did an "excellent" job with quoting so it's nearly
>> impossible to find the actual content in every new message.
> 
> No comment.
> 
>> Ok.
>> 
>> So far, I can only understand that no matter how rbldnsd is
>> configured, it always "REFUSE"s every query out there.
> 
> Correct.
> 
>> 
>> So from now, I suggest to do the following.
>> 
>> Start from scratch.  Using VERY VERY SIMPLE configuration, like
>> this:
>> 
>> rbldnsd -b 00.000.0000.00000/1053 -l +log bl.test:ip4set:test
> 
> I hate to sound "pedantic" but as I understood your intention,
> I used: rbldnsd -b 00.000.0000.000/1053 -l +log bl.test:ip4set:test
> 
>> 
>> -- literally, bl.test - this fake name will not reveal your
>> real domain you're hiding so carefully - only use the real
>> IP address.
>> 
>> In file "test", create only single line:
>> 
>> 127.0.0.2   hello here
> 
> Did it.
> 
>> 
>> now, after starting rbldnsd, query it
>> (forget about bind for now).
>> 
>> dig -p1050 2.0.0.127.bl.test @00.000.0000.000000
> 
> Again; being pedantic:
> dig -p1053 2.0.0.127.bl.test @00.000.0000.000
> 
> Reveals:
> ; <<>> DiG 9.4.2 <<>> -p1053 2.0.0.127.bl.test @00.000.000.000
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26434
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;2.0.0.127.bl.test.             IN      A
> 
> ;; ANSWER SECTION:
> 2.0.0.127.bl.test.      2100    IN      A       127.0.0.2
> 
> ;; Query time: 69 msec
> ;; SERVER: 00.000.000.000#1053(00.000.000.000)
> ;; WHEN: Thu Mar  6 14:24:12 2008
> ;; MSG SIZE  rcvd: 51
> 
> --- note the NOERROR above. :)
> 
> and sending:
> dig -p1053 2.0.0.127.bl.test @00.000.000.000 -t txt
> 
> reveals:
> ; <<>> DiG 9.4.2 <<>> -p1053 2.0.0.127.bl.test @00.000.000.000 -t txt
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43314
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;2.0.0.127.bl.test.             IN      TXT
> 
> ;; ANSWER SECTION:
> 2.0.0.127.bl.test.      2100    IN      TXT     "hello there"
> 
> ;; Query time: 1 msec
> ;; SERVER: 00.000.000.000#1053(00.000.000.000)
> ;; WHEN: Thu Mar  6 14:29:42 2008
> ;; MSG SIZE  rcvd: 59
> 
> --note the NOERROR+"hello there" above. :))
> 
>> 
>> (please use real syntax, - you're good at this stuff).
>> 
>> At this point, dig should return the test entry, and
>> rbldnsd should log the successful query.
> 
> Yes, as you can see; it did.
> 
>> 
>> If it will log REFUSED, or anything else for that matter --
>> well, There Is No Magic. - I'd say check your sources,
>> compilation options, fire up gdb etc - it's some local
>> problem.
>> 
>> Please do the very simple steps outlined above.  It should
>> be simple enough to follow.
> 
> As you can see; you were (of course) correct.
> I don't know if it's worth noting, but probably is;
> the BIND was /not/ running while I performed all this.
> 
> Anyway, difficult to say where /exactly/ I should go from
> here. But the output above looks promising.

OK. This just in...
I changed bl.test to my actual FQDN - blackhole.nospammers.com,
reused the test zone, fired up the RBLDNSD, sent a query
against 2.0.0.127.blackhole.nospammers.com.

Answer: NOERROR.

NEXT, I loaded up my original ip4tset zone and re-performed
all the steps, and queries again.

BINGO! - NOERROR.

Conclusion; there is one notable difference I believe worth
mentioning between your /suggested/ commandline; the /lack/
of defining the PID file. I conclude that the RBLDNSD was
unable to properly communicate on its socket because the
PID file was out of its reach - /var/run/rbldnsd.pid
working dir: /usr/local/etc/rbldnsd/

Given that everything is now working as expected, I'm
going to make a var/run/ tree in the RBLDNSD's working
directory, and continue to use my earlier commandline
to startup the RBLDNSD. Unless that should fail, I think
we can consider this a "wrap". :)

Thank you (and everyone else) again for all your time and
consideration in this matter.

--Chris H

> 
> Thank you very much for all your time and consideration.
> 
> --Chris H
> 
>> 
>> /mjt
>> _______________________________________________
>> rbldnsd mailing list
>> rbldnsd at corpit.ru
>> http://www.corpit.ru/mailman/listinfo/rbldnsd
> _________________________________________________________________
> http://fastmail.ca/ - Fast Secure Web Email for Canadians
> 
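The check walked through in this thread (query the test entry directly on rbldnsd's own port and read the status), as an added Python example that is not part of the original messages or of rbldnsd. The function names, the fixed query id and the two sample headers are constructed here for illustration.

```python
import ipaddress
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def dnsbl_name(ip, zone):
    """127.0.0.2 in zone bl.test is queried as 2.0.0.127.bl.test."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def build_query(name, qid, qtype=1):
    """Wire-format query for one name: header, QNAME labels, QTYPE (1 = A), QCLASS IN."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)  # flags 0: RD not set
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fields dig shows on its HEADER and flags lines."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "status": RCODES.get(rcode, "RCODE%d" % rcode), "answers": an}

def check(msg, qid):
    """Healthy: a reply to our id that is authoritative, NOERROR, with an answer."""
    h = parse_header(msg)
    ok = (h["qr"] and h["id"] == qid and h["aa"]
          and h["status"] == "NOERROR" and h["answers"] >= 1)
    return ok, h["status"]

def probe(server, port, ip="127.0.0.2", zone="bl.test", qid=0x1234, timeout=2.0):
    """Ask the daemon directly over UDP, bypassing any resolver in front of it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(dnsbl_name(ip, zone), qid), (server, port))
        return check(s.recvfrom(512)[0], qid)

# Constructed 12-byte headers (not captured traffic): the "qr aa rd" NOERROR reply
# dig printed above, and a REFUSED reply of the kind the thread started with.
SAMPLE_OK = struct.pack("!HHHHHH", 26434, 0x8500, 1, 1, 0, 0)
SAMPLE_REFUSED = struct.pack("!HHHHHH", 26434, 0x8105, 1, 0, 0, 0)
```

Calling probe() with the listening address and port 1053 gives the same pass/fail answer as the dig run, which makes it usable as a startup or monitoring check after changing the command line.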