[rbldnsd] Newbie questions
Skull
skull at skullkrusher.net
Mon May 16 13:45:18 MSD 2011
On 5/16/11 11:17 AM, Phoenix Kiula wrote:
> On Mon, May 16, 2011 at 5:11 PM, Skull <skull at skullkrusher.net> wrote:
>
> [snip]
>
>> It means: instead of looking up "multi.surbl.org" through the DNS
>> delegation tree, just ask (forward queries to) 127.0.0.1 on port 750.
>> If it does not answer, ask the usual way (this is the meaning of
>> "forward first").
>
>
> OK, about this one. Doesn't having the following in "/etc/resolv.conf"
> do exactly the same thing?
>
>
> nameserver 127.0.0.1
> nameserver 8.8.8.8 #--> Google's Public DNS
>
>
> This would make sure that any external DNS calls are first looked at
> in the local cache from BIND, which is on 127.0.0.1, and if nothing is
> found, then go out to query via Google's public DNS.

With that config your system resolves names asking your BIND resolver on
127.0.0.1, and falling back to GDNS if it does not answer.

Still, that BIND has to be instructed about where rbldnsd is and which
DNS zones it manages; otherwise it's just going to resolve the usual way
(for "multi.surbl.org" it will ask the root servers, then the gTLD for
.org, then authoritatives for surbl.org and finally ask the rbldnsd
instances SURBL runs for public access).

In no way is it going to ask your local rbldnsd instance, because BIND
does not even know it's there. That's why you have to instruct it.

> Or am I misunderstanding this, and rbldnsd actually provides something
> additional to this?

No. There is nothing special about rbldnsd: it's just another DNS server.

> Many thanks for your patient replies. I am not a geek, but I can
> configure+make+make install and follow such instructions.

Ok.

Start downloading and compiling rbldnsd.
Configure it to run at startup with the zonefiles you need and create
the BIND configuration stanza accordingly.

Once it's running, you should be able to query it using dig:

$ dig a blacklisted-domain.tld.multi.surbl.org @127.0.0.1 -p 750

Replace "blacklisted-domain.tld" with a record you expect to be
blacklisted by your rbldnsd zone and "multi.surbl.org" with the name of
the zone you configured in the rbldnsd startup script (and in BIND as well).

If you receive a "127.0.0.x" reply, rbldnsd is ok.

Then ask the same question to your BIND resolver:

$ dig a blacklisted-domain.tld.multi.surbl.org @127.0.0.1

If you get the same answer, BIND is (probably) correctly forwarding your
query to your rbldnsd instance.

If you need more specific help, you should give us some detail: port
where you're trying to run rbldnsd, name and path of the zonefile, zone
name, etc.

--
Paranoia is a disease unto itself. And may I add: the person standing
next to you may not be who they appear to be, so take precaution.
-----------------------------------------------------------------------------
http://bofhskull.wordpress.com/
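
The two dig checks from the message above, combined into one script. This is an added example, not part of the original post or of rbldnsd. It assumes dig is installed and uses the address and port from the post; the function names and verdict strings are made up for the illustration.

```shell
#!/bin/sh
# Added example: query rbldnsd directly, then the BIND resolver, and compare.
# Usage: sh check-rbl.sh blacklisted-domain.tld.multi.surbl.org [rbldnsd-port]

# Succeeds only if the answer is non-empty and every line is a 127.0.0.x address.
# An empty answer (NXDOMAIN, timeout text, wrong zone name) counts as "not listed".
is_listed() {
    [ -n "$1" ] && ! printf '%s\n' "$1" | grep -Evq '^127\.0\.0\.[0-9]{1,3}$'
}

# Classify the pair of answers: $1 straight from rbldnsd, $2 via BIND.
verdict() {
    direct=$1 via_bind=$2
    if ! is_listed "$direct"; then
        # rbldnsd itself did not return 127.0.0.x: check port, zone name, zonefile.
        echo "rbldnsd-not-ok"
    elif [ "$direct" = "$via_bind" ]; then
        # Only "probably": with "forward first" BIND can also obtain the same
        # answer the usual way if the public zone lists the same record.
        echo "bind-probably-forwarding"
    else
        # BIND answered differently (or not at all): the forward zone is
        # missing, misnamed, or points at the wrong address or port.
        echo "bind-answer-differs"
    fi
}

# Run the live check only when a name is given on the command line.
if [ "$#" -ge 1 ]; then
    name=$1 port=${2:-750}
    # sort makes multi-record answers comparable regardless of record order
    direct=$(dig +short +time=2 +tries=1 a "$name" @127.0.0.1 -p "$port" | sort)
    via_bind=$(dig +short +time=2 +tries=1 a "$name" @127.0.0.1 | sort)
    echo "rbldnsd: ${direct:-<no answer>}"
    echo "bind:    ${via_bind:-<no answer>}"
    verdict "$direct" "$via_bind"
fi
```

To rule out the fallback case, stop rbldnsd and repeat the query for a record that exists only in your local zonefile: BIND should then no longer return it.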