<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=us-ascii" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Chris. wrote:
<blockquote cite="mid20080229001946.5C4DEEA5043@mail.fastmail.ca"
type="cite">
<pre wrap="">On Thu, 28 Feb 2008 17:15:49 -0600, Lyle Giese wrote...
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">It works for me ... try changing the -b 75.160.109.247/530 in your
rbldnsd_flags to 127.0.0.2. Better yet change it to 0.0.0.0/530 for
testing.
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap=""><!---->---8<---SNIP---8<-----
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">I'm not sure you understood me when I said rbldnsd wouldn't bind to
the loopback block. Here's some examples of the output:
-b 127.0.0.2/530
rbldnsd: unable to bind to 127.0.0.2/530: Can't assign requested address
-b 127.0.0.2
rbldnsd: unable to bind to 127.0.0.2: Can't assign requested address
-b 127.0.0.3/530
rbldnsd: unable to bind to 127.0.0.3/530: Can't assign requested address
... and so on.
Nothing else is bound to those IP's.
So like I said, the only difference between the two is the BIND version -
9.4 vs. 9.3. Which leads me to believe rbldnsd won't/doesn't
work the same on newer versions of BIND.
Thanks for taking the time to reply.
--Chris H
</pre>
<blockquote type="cite">
<pre wrap="">Cheers,
</pre>
</blockquote>
<pre wrap="">ds
</pre>
</blockquote>
</blockquote>
<pre wrap=""><!---->---8<--SNIP--8<---
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">_______________________________________________
rbldnsd mailing list
<a class="moz-txt-link-abbreviated" href="mailto:rbldnsd@corpit.ru">rbldnsd@corpit.ru</a>
<a class="moz-txt-link-freetext" href="http://www.corpit.ru/mailman/listinfo/rbldnsd">http://www.corpit.ru/mailman/listinfo/rbldnsd</a>
</pre>
</blockquote>
</blockquote>
<pre wrap=""><!---->
</pre>
<blockquote type="cite">
<pre wrap="">I use BIND and rbldnsd on the same server here. I have BIND bound to
127.0.0.1, 192.168.x.4 and 209.172.152.4. I have rbldnsd bound to
209.172.152.6. Why do you need rbldnsd bound to the loopback? And if
BIND is bound to 127.0.0.1, I can understand why rbldnsd would not bind
to 127.0.0.x. I don't remember in this thread if you stated BIND was
bound to 127.0.0.1 or not.
</pre>
</blockquote>
<pre wrap=""><!---->
Indeed. 127.0.0.1 is almost always configured, and bound-to in BIND, as
well as the 127.0.0 block as a zone itself. A difference in the 9.4 version
of the BIND vs. 9.3 is that it comes with a 127.in-addr.arpa zone. Which
greatly enlarges the default "loopback" block from its previous default
127.0.0.0/24. So in answer to your question - yes, I have a "loopback"
zone, and the BIND /is/ using 127.0.0.1 on port 953 (the control zone
for RNDC). The "loopback" zone I defined is a 127.0.0.0/24 (254 IP's)
which has always been more than enough for my needs. As a matter of fact
the only IP strictly defined in it is 1.0.0.127-in-addr.arpa.
Also, as far as the BIND is concerned; the only reference(s) to the
RBLDNSD IP's is the "blackhole" zone defined as follows:
zone "blackhole.nomorespam.COM" {
    type forward;
    forward only;
    forwarders { &lt;internet routable IP&gt; port 530; };
};
No mention of the loopback block here. The place it's used is in
RBLDNSD's zone:
blackhole.nomorespam.COM:ip4tset:clients
:127.0.0.2:REFUSED! Too much abuse from the $ network, goodbye...
111.222.333.444
555.666.777.888
...
999.000.111.222
Note the use of 127.0.0.2 above. I use 127.0.0.3
in an ip4set also. The command line uses: -b &lt;my internet routable IP&gt;/530
I only used any of the "loopback" addresses on the command line to test
for issues with RBLDNSD binding to (using) the IP's I defined in the
zones (ip4tset || ip4set). I had no trouble on a BIND-9.3 server. This
all only became a problem on a BIND-9.4 server. I hope this was clearer.
Thank you for taking the time to respond.
--Chris H
</pre>
</blockquote>
What you have for information in your zone files is immaterial to what
addresses/ports named or rbldnsd bind to. The reference to 127.0.0.2
above is in reference to the answer (content of the zone files) rbldnsd
will give back when queried and nothing to do with what address/port
rbldnsd is listening to. The term 'bind' as a verb references the
ability of a process to attach itself to an ip address/port
combination. I think part of the problem here is the terminology used
here. You may be stating your question in a manner that is confusing
as to what your issue is.<br>
<br>
When you use the -b command line parameter, that binds rbldnsd to an ip
address/port combination and has nothing to do with the data it answers
for (contents of its zone files). For my in-house use, I have a zone
defined as rbl.lcrcomputer.com and put an ns record in BIND/named's
zone files. So my queries for my blacklist would be of the form:<br>
<br>
dig 2.0.0.127.rbl.lcrcomputer.com<br>
<br>
or to ask about 209.172.152.2<br>
<br>
dig 2.152.172.209.rbl.lcrcomputer.com<br>
<br>
and in my lcrcomputer.com zone file in Bind/named, I have:<br>
<br>
rbl.lcrcomputer.com. in ns ns1.lcrcomputer.net<br>
<br>
And in my lcrcomputer.net zone:<br>
<br>
ns1.lcrcomputer.net in a 209.172.152.4<br>
<br>
And no, it's not accessible via the Internet, it's an internal only
service.<br>
<br>
If 209.172.152.2 is listed in my rbl zone, rbldnsd gives back the
answer in the form of an A record giving 127.0.0.1 (or .2 for your
zone). If that ip is not listed in your rbl zone, rbldnsd gives back a
not found answer.<br>
<br>
Lyle<br>
<br>
<br>
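Added example, not part of Lyle's message and not rbldnsd's own code: a minimal Python DNSBL responder and client showing the two things the reply keeps apart, the address the server listens on (what -b sets) and the A record value it returns from its zone data. The zone name rbl.example.test, the single listed address and all function names are constructed for this illustration.<br>

```python
import ipaddress, socket, struct, threading

ZONE = "rbl.example.test"   # constructed zone name (assumption)
LISTED = {"209.172.152.2"}  # constructed blocklist entry
ANSWER = "127.0.0.2"        # zone data: value of the A record returned

def query_name(ip, zone=ZONE):
    """209.172.152.2 -> 2.152.172.209.ZONE: octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def build_query(name, qid=0x1234):
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    return struct.pack(">6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">2H", 1, 1)

def build_response(query):
    """Answer as a DNSBL does: an A record if listed, NXDOMAIN if not."""
    labels, pos = [], 12
    while query[pos]:
        labels.append(query[pos + 1:pos + 1 + query[pos]].decode().lower())
        pos += query[pos] + 1
    ip, zone = ".".join(reversed(labels[:4])), ".".join(labels[4:])
    listed = zone == ZONE and ip in LISTED
    flags = 0x8400 if listed else 0x8403  # QR|AA, rcode 3 = NXDOMAIN
    head = query[:2] + struct.pack(">5H", flags, 1, int(listed), 0, 0)
    rr = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + socket.inet_aton(ANSWER)
    return head + query[12:pos + 5] + (rr if listed else b"")

def parse_response(resp):
    """Return the A record address, or None for NXDOMAIN / empty answer."""
    flags, _, ancount = struct.unpack(">3H", resp[2:8])
    return socket.inet_ntoa(resp[-4:]) if (flags & 0xF) == 0 and ancount else None

def lookup(ip, server):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as c:
        c.settimeout(2)
        c.sendto(build_query(query_name(ip)), server)
        return parse_response(c.recvfrom(512)[0])

def demo():
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
        srv.bind(("127.0.0.1", 0))  # listen address (the -b side), OS-chosen port
        srv.settimeout(2)
        def serve():
            for _ in range(2):
                data, peer = srv.recvfrom(512)
                srv.sendto(build_response(data), peer)
        threading.Thread(target=serve, daemon=True).start()
        return [lookup(ip, srv.getsockname()) for ip in ("209.172.152.2", "192.0.2.9")]
```

The responder listens only on 127.0.0.1, yet the listed address resolves to 127.0.0.2: the returned value is zone content and is never bound as a socket address.<br>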
</body>
</html>