[rbldnsd] how to make public (DNS)RBL?

Chris. cth at fastmail.ca
Thu May 14 01:43:30 MSD 2009


Hello Jon, and thank you for your reply...

On Wed, 13 May 2009 17:08:09 -0400 (EDT), Jon Lewis wrote...

> On Wed, 13 May 2009, Chris. wrote:
> 
>> I was wondering what the /best/ method/recipe would be to create a
>> /public/ blocklist - not unlike spamcop, spamhaus, dnsbl, ordb,
>> etc... I understand that techtheft.info doesn't think I should/want
>> me to, but it's /my/ network, and /I/ want to. :)
>> So, here's the deal; I've been working on a "trap" system for about a
>> year. I can now say it works better than anything else available on
>> the net - so why not share the benefits with all?
>> So here's my current layout:
>> Assuming my domain name is explodingspam (com, net, org)
>> that the box that it's on is fuse.explodingspam.com
>> that it is running the BIND
>> that explodingspam.com is using one internet routable IP.
> 
> I'll offer a few pieces of advice.
> 
> 1) Use a disposable domain.  If explodingspam.com is your domain, and
> you intend to keep it long term for other purposes than the public
> DNSBL, don't use it for the DNSBL.  Figure out another domain name to
> use dedicated to the DNSBL.  This makes it much easier to shut it down
> and make all the traffic stop/go away when you eventually do shut it
> down.

Understood. explodingspam is only an example, but the one I'll be using
is already registered/working/and yes, disposable. :)

> 
> 2) If your system is as good as you say, you're going to need multiple
> rbldnsd servers and some bandwidth.  Don't expect to be able to do
> this on a single colo machine or (worse) your home system on cable or
> DSL.

Understood.

> 
> 3) rbldnsd is intended to be a DNSBL name server only.  If you're
> doing authoritative DNS or caching DNS, you'll want/need to continue
> to run something else for that (bind, djb's tools, etc.) and you're
> going to need multiple IP addresses.

Thanks, I wasn't sure about this. But thought I'd ask, as it'd be
a lot simpler if I only had to muck around with conf's/scripts for
one DNS. :)


Thanks again Jon for your thoughtful reply.

--Chris

> 
> ----------------------------------------------------------------------
> Jon Lewis                   |  I route
> Senior Network Engineer     |  therefore you are
> Atlantic Net                |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________