No subject


Mon Mar 29 19:14:58 MSD 2010


Hi

As an IRC Network administrator, I'm using rbldnsd to create my own black
list of private botnets.
It works great locally, everything is fine. But, with time, the private
botnets go over to other IRC networks, and we thought that it would be a
great idea to share our dnsbl.

Currently and locally, I query my bind server (listening on 127.0.0.1 and
x.x.x.226, both on port 53), and it transfers the request to rbldnsd
(listening on public IP x.x.x.229, port 53).
I can ask bind or rbldnsd, it works while I'm still on my server.

Now, I tried to use this rbldnsd from "outside", and I have a problem ...
I added 2 entries in my DNS configuration:

testbl.mydomain.com IN NS x.x.x.229 (direct access to rbldnsd)
testbl1.mydomaine.com IN NS x.x.x.226 (direct access to bind)

I added this to my bind configuration:
zone "testbl1.mydomain.com" IN {
        type forward;
        forward first;
        forwarders {
                x.x.x.229 port 53;
        };
};

(in every case, bind should transfer the request to rbldnsd on x.x.x.229)

My ip4set on rbldnsd starts like this:
$SOA 0 noc.mydomain.com noc.mydomain.com 2010071801 15 1m 4w 15
$NS 0 noc.mydomain.com
$TTL 10s
:127.0.0.2:IP $ is listed as corrupt
1.1.1.1 :4:prout
etc.

And rbldnsd is launched like this:
/usr/sbin/rbldnsd -p /var/run/rbldnsd.pid -r /var/lib/rbldns -w . -v -f -b x.x.x.229/53 -t 30 -l rbldns.log -s rbldns.stats dnsbl.irc:ip4set:openhost dnsbl.myircnetwork.ext:ip4set:openhost testbl.mydomain.com:ip4set:openhost testbl1.mydomain.com:ip4set:openhost

And the last point (which is for me the source of the problem):
In the bind configuration:

        recursion yes;
        allow-recursion { any; };
        allow-query { any; };
        allow-query-cache { any; };
        allow-transfer { any; };

So, now .. what is happening:
From an external source, I can query testbl.mydomain.com (the one that
asks rbldnsd directly), and it works. It means that rbldnsd manages the
zone without any problem:
$>host 1.1.1.1.testbl.mydomain.com
1.1.1.1.testbl.mydomain.com has address 127.0.0.4


BUT, if I try to request
$>host 1.1.1.1.testbl1.mydomain.com
;; connection timed out; no servers could be reached

bind's log (daemon.log) doesn't show any error/reject answer...

Here I'm stuck .. Why doesn't BIND transfer the request ? How could I
check that bind is the one that failed the request ? Why does bind do the
job locally and not remotely ?

I know this isn't related to rbldnsd directly (it seems obvious that bind is
the source of the problem), but I think it's the best place to get my answer
:)

--
Nicolas G. / meepmeep
[EuropNet.org Admin]

