[rbldnsd] rbldnsd setup on Centos 7

Lyle Giese lyle at lcrcomputer.net
Fri Apr 12 17:00:39 MSK 2019 

Rbldnsd is not a full service DNS server.  It's designed to be simple 
and quick and only support reverse lookup type data.  It only answers 
via UDP and does not listen to any TCP ports.

Here is a santized portion of the zone I load:

$SOA 3000 monitor.lcrcomputer.com postmaster.lcrcomputer.com 0 600 300 
86400 300
$NS 3000 rblns2.lcrcomputer.net rblns1.lcrcomputer.net
82.83.49.0-82.83.49.255:127.0.0.2: test text
85.168.250.0-85.168.250.255:127.0.0.2: test text

Line 1 & 2 are the zone parameters.  See an explanation of Bind's zone 
files for more information on these entries.

Lines 3 & 4 is the data to be served.

IP address ranges to be listed for blacklisting:
82.83.49.0 through 82.83.49.255
85.168.250.0 through 85.168.250.255

rbldnsd does not care about zone names or A records.  It resolves and 
supports reverse ip address lookups only.

My setup puts the blacklisted ip address into rbl.lcrcomputer.com 
domain.  Here's my startup parameters for rbldnsd:

<path to executable>/rbldnsd -b 50.205.186.239/53 -l 
/home/lyle/log/rbldnsd_log -u lyle -t1800:1800:1800 -c60 
rbl.lcrcomputer.com:ip4set:/home/lyle/blklist.zone

This zone is loaded into rbl.lcrcomputer.com and is an ip4set type 
dataset and the name of the datafile is blklist.zone

This is a closed system and can not be accessed outside of my internal 
lcrcomputer.com LAN.  So don't bother to try<GRIN>!


To query the dataset I use the command dig  I highly recommend using it 
and do not use host or nslookup. You get more information about who/what 
answered your query plus some additional info that would be helpfull for 
troubleshooting.

Here's what I get when I query my rbldnsd looking for ip address 82.83.49.1:

dig 1.49.83.82.rbl.lcrcomputer.com

; <<>> DiG 9.8.4 <<>> 1.49.83.82.rbl.lcrcomputer.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22581
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;1.49.83.82.rbl.lcrcomputer.com.        IN      A

;; ANSWER SECTION:
1.49.83.82.rbl.lcrcomputer.com. 1800 IN A       127.0.0.2

;; AUTHORITY SECTION:
rbl.lcrcomputer.com.    86400   IN      NS rblns2.lcrcomputer.net.
rbl.lcrcomputer.com.    86400   IN      NS rblns1.lcrcomputer.net.

;; ADDITIONAL SECTION:
rblns1.lcrcomputer.net. 43200   IN      A       50.205.186.135
rblns2.lcrcomputer.net. 43200   IN      A       50.205.186.239

;; Query time: 2 msec
;; SERVER: 50.205.186.130#53(50.205.186.130)
;; WHEN: Fri Apr 12 08:42:02 2019
;; MSG SIZE  rcvd: 153

If the ip address was not listed in my dataset, you don't get an 'ANSWER 
SECTION'.  In other words, it tells you 'I have no data for that ip 
address'.

Dig also tells you the ip address of the server you asked.  
50.205.186.130 in this case.

Understand this and you will be better able to use rbldnsd.

almost forgot for troubleshooting purposes, ip address 127.0.0.1 is 
always listed.  For my install

dig 1.0.0.127.rbl.lcrcomputer.com
will show data or in other words, it's listed.

Lyle Giese
LCR Computer Services, Inc.

On 4/11/2019 1:49 PM, Emanuel Gonzalez wrote:
> Hello,
>
> i try to install rbldnsd to Centos 7 arch x86_64. The installation is 
> correct but I can not return a result
>
> Run the service from console, with: rbldnsd -r/etc/rbldnsd/dnsbl -b 
> 127.0.0.1 foo.emadns.tk:ip4set:spammers
>
> In my dns server i create the subdomain:
>
> foo.emadns.tk                           |A    | 168.x.x.92
>
> rbldnsd -r/etc/rbldnsd/dnsbl -b 192.168.200.62 
> foo.emadns.tk:ip4set:spammers
>
> cat /etc/rbldnsd/dnsbl/spammers
> 200.x.x.191
>
> If I check the IP in my blacklist of subdomains, I received this error:
>
> host -t TXT 191.x.x.200.foo.emadns.tk
> Host 191.x.x.200.foo.emadns.tk not found: 3(NXDOMAIN)
>
> but i try the query this form, it's wotk fine
>
>
> host -t TXT 191.x.x.200.foo.emadns.tk 168.x.x.92
> Using domain server:
> Name: 168.x.x.92
> Address: 168.x.x.92#53
> Aliases:
>
> 191.x.x.200.foo.emadns.tk descriptive text "Blacklisted: 
> http://xxx.com/bl?200.x.x.191"
>
> any ideas.?
>
> Regards,
>
>
>
>
>
>
>
> _______________________________________________
> rbldnsd mailing list
> rbldnsd at corpit.ru
> http://www.corpit.ru/mailman/listinfo/rbldnsd


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.corpit.ru/pipermail/rbldnsd/attachments/20190412/c31de150/attachment.html>

More information about the rbldnsd mailing list