[rbldnsd] ACL query
Benedict White
Benedict.White at cse-ltd.co.uk
Tue May 12 13:32:40 MSD 2009
>I would probably put an NS and SOA in the zone file:
>$SOA 3000 ns1.example.com admin.example.com 0 600 300 86400 300
># Start of authority record (TTL 3000), with serial (0) computed as
># a timestamp of data file
>$NS 3000 ns1.example.com ns2.example.com
># two nameservers
>
>In your original message you were querying for hotbox.tst, but your testzonefile.txt shows www.hotbox.tst.
>hotbox.tst won't match www.hotbox.tst.
>
Ah, I changed that entry whilst testing. I have now also found that the zonefile reloads when changed
automatically which is great.
>
>
>Your original query was to 192.168.0.10, but the log file shows rbldnsd listening on 192.168.10.1
>
>Try:
>
>dig @192.168.10.1 somedomain.com.surbl.internal.mydomain
>
>The format of the data in your testzonefile.txt is correct, I would just add the SOA and NS lines.

The reason for the typos is that I am editing the IP addresses I am posting here. I appreciate if
I make typos in that it looks silly and is not helpful. Sorry!

However, I now get replies and entries in the log file as follows:

A dig:
dig @192.168.0.10 somedomain.com.surbl.internal.cse-ltd
; <<>> DiG 9.6.0-P1 <<>> @192.168.0.10 somedomain.com.surbl.internal.cse-ltd
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7929
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;somedomain.com.surbl.internal.cse-ltd. IN A
;; ANSWER SECTION:
somedomain.com.surbl.internal.cse-ltd. 2100 IN A 127.0.0.2
;; Query time: 11 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Tue May 12 10:06:30 2009
;; MSG SIZE rcvd: 71
And I get the following in the log file:
1242119287 192.168.0.102 somedomain.com.surbl.internal.cse-ltd A IN: NOERROR/1/71
I presume that this is what I am expecting?
The next problem I have is getting the Spamassassin server to query this one.
I have checked that Spamassassin is using some open URI blockers and they work.
I have my RBLDNSD server internally so have made an entry in the hosts file of the
spamassassin server to say where it is.
I also have this in a .cf file.
uridnsbl CSE_SBL surbl.internal.cse-ltd. TXT
body CSE_SBL eval:check_uridnsbl('CSE_SBL')
describe CSE_SBL Contains an URL listed in the SBL blocklist
tflags CSE_SBL net
#reuse CSE_SBL
score CSE_SBL 5.15
The entries in the hosts file are like this:
192.168.0.10 surbl.internal.cse-ltd
192.168.0.10 internal.cse-ltd
However the server is not getting any DNS queries at all.
Any ideas anyone?
Kind Regards
Benedict White
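
Added example, not part of the original post: one way to check from the rbldnsd query log which clients are reaching the zone, grouped by query type (the dig test above used A, while the uridnsbl rule is declared with TXT). The field layout is inferred from the single log line quoted in the post; the extra log lines and the SpamAssassin host address 192.168.0.20 are constructed for illustration.

```python
import re
from collections import Counter

# Field layout inferred from the log line quoted in the post:
#   <unix time> <client ip> <query name> <qtype> <qclass>: <rcode>/<answers>/<size>
LOG_RE = re.compile(
    r"^(?P<ts>\d+) (?P<client>\S+) (?P<qname>\S+) (?P<qtype>\S+) "
    r"(?P<qclass>\S+): (?P<rcode>[A-Z]+)/(?P<answers>\d+)/(?P<size>\d+)$"
)

def parse_line(line):
    """Return a dict for one query-log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("ts", "answers", "size"):
        rec[key] = int(rec[key])
    rec["qname"] = rec["qname"].rstrip(".").lower()
    return rec

def in_zone(qname, zone):
    """True if qname is the zone apex or a name below it."""
    zone = zone.rstrip(".").lower()
    return qname == zone or qname.endswith("." + zone)

def queries_by_client(lines, zone):
    """Count (client, qtype) pairs for names inside `zone`."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and in_zone(rec["qname"], zone):
            counts[(rec["client"], rec["qtype"])] += 1
    return counts

def silent_clients(lines, zone, expected):
    """Expected client IPs that never sent a query for the zone."""
    seen = {client for client, _ in queries_by_client(lines, zone)}
    return sorted(set(expected) - seen)

# Constructed sample: the first line is from the post, the rest are made up.
SAMPLE_LOG = [
    "1242119287 192.168.0.102 somedomain.com.surbl.internal.cse-ltd A IN: NOERROR/1/71",
    "1242119301 192.168.0.102 example.org.surbl.internal.cse-ltd A IN: NXDOMAIN/0/60",
    "1242119305 192.168.0.102 www.example.net A IN: REFUSED/0/33",
    "garbage line that should be skipped",
]
SA_HOST = "192.168.0.20"  # hypothetical address of the SpamAssassin server

if __name__ == "__main__":
    print(queries_by_client(SAMPLE_LOG, "surbl.internal.cse-ltd"))
    print(silent_clients(SAMPLE_LOG, "surbl.internal.cse-ltd", [SA_HOST]))
```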