[rbldnsd] how to make public (DNS)RBL?

Steven Champeon schampeo at hesketh.com
Thu May 14 01:23:44 MSD 2009 

on Wed, May 13, 2009 at 05:08:09PM -0400, Jon Lewis wrote:
> I'll offer a few pieces of advice.
>
> 1) Use a disposable domain.  If explodingspam.com is your domain, and you 
> intend to keep it long term for other purposes than the public DNSBL, don't 
> use it for the DNSBL.  Figure out another domain name to use dedicated to 
> the DNSBL.  This makes it much easier to shut it down and make all the 
> traffic stop/go away when you eventually do shut it down.
>
> 2) If your system is as good as you say, you're going to need multiple 
> rbldnsd servers and some bandwidth.  Don't expect to be able to do this on 
> a single colo machine or (worse) your home system on cable or DSL.
>
> 3) rbldnsd is intended to be a DNSBL name server only.  If you're doing 
> authoratative DNS or caching DNS, you'll want/need to continue to run 
> something else for that (bind, djb's tools, etc.) and you're going to need 
> multiple IP addresses.

4) think REALLY HARD about this for a while and decide if you REALLY
want to devote your life (or some portion of it) to having other
people's mail servers rely on YOU for free 24/7/365. Even after you've
decided to stop providing the service, announced its demise to the four
winds, etc.

5) consider charging for the service from the start, so you may be
able to afford the unforeseen costs that will be associated with the
service in the event of its success. Recent years have seen a marked
shift away from freely and publicly available DNS-based blocklists
to for-profit (or at least sustainable) models. 

6) naturally, because successful blacklists are the target of those
who they are intended to drive out of business, you WILL get DDoS'd
at some point. I sure hope that being DDoS'd doesn't have a material
impact on your, or others', businesses. Also, make sure that you know
how to monitor for, and ameliorate, such events.

7) if you have to ask this list for basic instructions on how to 
provide an IP-based DNSBL using rbldnsd, you're NOT READY. 

I offer this in the friendly spirit of someone who's seen many others
go ranting mad after a few months of offering DNSBLs. 

hth,
Steve

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/
antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/

More information about the rbldnsd mailing list