[rbldnsd] Cookbook info about setting up rbldnsd
Michael Tokarev
mjt at tls.msk.ru
Wed Mar 10 00:46:17 MSK 2004
Brian wrote:
> Ok,
>
> In trying to follow..
>
> (I'm trying to make sure this works)
>
> grep dnsbl data
> Za.dnsbl.bsdwebsolutions.com:a.dnsbl.bsdwebsolutions.com:hostmaster.bsdwebsolutions.com
> Zb.dnsbl.bsdwebsolutions.com:b.dnsbl.bsdwebsolutions.com:hostmaster.bsdwebsolutions.com
> &a.dnsbl.bsdwebsolutions.com::a.dnsbl.bsdwebsolutions.com
> &b.dnsbl.bsdwebsolutions.com::b.dnsbl.bsdwebsolutions.com
> =dnsbl.bsdwebsolutions.com:64.72.68.24:3600
> +a.dnsbl.bsdwebsolutions.com:64.72.68.24:3600
> +b.dnsbl.bsdwebsolutions.com:64.72.68.24:3600

I'm not an expert in this stuff - I know almost nothing about tinydns.
The cryptic stuff above - I *think* - declares the following DNS records
(correct me if I'm wrong):

  SOA for a.dnsbl.bsdwebsolutions.com (and b...)
  NS for a.dnsbl.bsdwebsolutions.com is a.dnsbl.bsdwebsolutions.com
    (ditto for b.)
  CNAME (?) for dnsbl.bsdwebsolutions.com to be 64.72.68.24
  A for a.dnsbl.bsdwebsolutions.com is 64.72.68.24

I may be reading all this wrong, but not entirely, -
the stuff can't be *so* wrong, even if I'm reading it
incorrectly.

You have to do *exactly* the same steps as you would do to
delegate any subzone of your domain to some other nameserver.
I think this is described somewhere at the djbdns site (it should
be at least).

Basically, only ONE record is needed, that tells that
a.dnsbl.bsdwebsolutions.com is handled by a different
NameServer (ditto for b.). I.e., you only need to have
ONE NS RECORD:

  a.dnsbl.bsdwebsolutions.com NS your.rbldnsd.machine.name

If your rbldnsd machine already has an A record, just use
it there. If not, you have to create it (the name, i.e.
the A record). Let it be, say, a.rbldns.bsdwebsolutions.com.
It should be in a different zone, not in the zone you're
delegating to rbldnsd, because it is not a general-purpose
nameserver (this is described in the manpage), and because
this way you're creating a chicken&eggs problem.

In the example data you provided, there's one serious
problem:
all stuff for a.dnsbl.bsdwebsolutions.com belongs to the
nameserver responsible for that zone. Only the NS record
should be in the parent zone. Your tinydns thinks *it* is
responsible for the zone, because of the SOA records.
Plus, you somehow have that chicken&eggs problem, but
you "solved" it by providing glue records for your
nameserver (NS) - A recs act as a glue.

Again. The whole stuff is standard zone subdelegation.
Nothing fancy at all. Just read the documentation for *your*
general-purpose nameserver (there are dozens, I can't
know every one) about how to perform it properly. And,
first of all, read something about DNS in general - what
is SOA&NS, what is subdelegation after all...

Sorry, I'm in a bad mood today... ;))

HTH.
/mjt
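
As an added example (not part of the original post, and not code from rbldnsd or djbdns): a small Python check that reads tinydns-data lines for a parent zone and flags the problems described in the message above, namely SOA records, address records and NS target names that sit inside a zone meant to be delegated. The function names, the finding labels and the FIXED sample are assumptions; FIXED is constructed from the a.rbldns.bsdwebsolutions.com name and the address that appear in the message.

```python
# Added example: audit tinydns-data lines in a PARENT zone for records that
# belong to a delegated child zone (here: the zones rbldnsd should serve).

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def audit_parent(data, delegated):
    """Return (fqdn, problem) pairs; an empty list means a clean delegation."""
    findings = []
    for raw in data.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        kind = line[0]
        f = [p.lower().rstrip(".") for p in line[1:].split(":")]
        fqdn = f[0]
        zone = next((z for z in delegated if in_zone(fqdn, z)), None)
        if zone is None:
            continue                       # name is outside every delegated zone
        if kind in "Z.":                   # both line types emit an SOA
            findings.append((fqdn, "soa-in-parent"))
        if kind in "&." and fqdn == zone:  # both line types emit an NS
            x = f[2] if len(f) > 2 else ""
            # tinydns-data: the server name is x if x contains a dot, else x.ns.fqdn
            ns = x if "." in x else f"{x}.ns.{fqdn}"
            if in_zone(ns, zone):
                findings.append((fqdn, "ns-name-inside-delegated-zone"))
        if kind in "+=":                   # address records for child names
            findings.append((fqdn, "address-record-in-delegated-zone"))
    return findings

ZONES = ["a.dnsbl.bsdwebsolutions.com", "b.dnsbl.bsdwebsolutions.com"]

# The data quoted in the message above.
QUOTED = """\
Za.dnsbl.bsdwebsolutions.com:a.dnsbl.bsdwebsolutions.com:hostmaster.bsdwebsolutions.com
Zb.dnsbl.bsdwebsolutions.com:b.dnsbl.bsdwebsolutions.com:hostmaster.bsdwebsolutions.com
&a.dnsbl.bsdwebsolutions.com::a.dnsbl.bsdwebsolutions.com
&b.dnsbl.bsdwebsolutions.com::b.dnsbl.bsdwebsolutions.com
=dnsbl.bsdwebsolutions.com:64.72.68.24:3600
+a.dnsbl.bsdwebsolutions.com:64.72.68.24:3600
+b.dnsbl.bsdwebsolutions.com:64.72.68.24:3600
"""

# Constructed sample: one NS line per delegated zone, nameserver named outside them.
FIXED = """\
&a.dnsbl.bsdwebsolutions.com::a.rbldns.bsdwebsolutions.com
&b.dnsbl.bsdwebsolutions.com::a.rbldns.bsdwebsolutions.com
+a.rbldns.bsdwebsolutions.com:64.72.68.24:3600
"""

if __name__ == "__main__":
    for label, data in (("quoted", QUOTED), ("fixed", FIXED)):
        print(label, audit_parent(data, ZONES))
```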