[rbldnsd] how to make public (DNS)RBL?
Chris.
cth at fastmail.ca
Thu May 14 01:46:59 MSD 2009
Hello Lyle, and thank you for your reply...
On Wed, 13 May 2009 16:14:52 -0500, Lyle Giese wrote...
> Jon Lewis wrote:
>> On Wed, 13 May 2009, Chris. wrote:
>>
>>> I was wondering what the /best/ method/recipe would be to create a
>>> /public/ blocklist -
>>> not unlike spamcop, spamhaus, dnsbl, ordb, etc...
>>> I understand that techtheft.info doesn't think I should/want me to,
>>> but it's /my/ network,
>>> and /I/ want to. :)
>>> So, here's the deal; I've been working on a "trap" system for about
>>> a year. I can now say
>>> it works better than anything else available on the net - so why not
>>> share the benefits
>>> with all?
>>> So here's my current layout:
>>> Assuming my domain name is explodingspam (com, net, org)
>>> that the box that it's on is fuse.explodingspam.com
>>> that it is running the BIND
>>> that explodingspam.com is using one internet routable IP.
>>
>> I'll offer a few pieces of advice.
>>
>> 1) Use a disposable domain. If explodingspam.com is your domain, and
>> you intend to keep it long term for other purposes than the public
>> DNSBL, don't use it for the DNSBL. Figure out another domain name to
>> use dedicated to the DNSBL. This makes it much easier to shut it down
>> and make all the traffic stop/go away when you eventually do shut it
>> down.
>>
>> 2) If your system is as good as you say, you're going to need
>> multiple rbldnsd servers and some bandwidth. Don't expect to be able
>> to do this on a single colo machine or (worse) your home system on
>> cable or DSL.
>>
>> 3) rbldnsd is intended to be a DNSBL name server only. If you're
>> doing authoritative DNS or caching DNS, you'll want/need to continue
>> to run something else for that (bind, djb's tools, etc.) and you're
>> going to need multiple IP addresses.
>>
>> ---------------------------------------------------------------------
>> Jon Lewis | I route
>> Senior Network Engineer | therefore you are
>> Atlantic Net |
>> _________ http://www.lewis.org/~jlewis/pgp for PGP public key _________
>> _______________________________________________
>> rbldnsd mailing list
>> rbldnsd at corpit.ru
>> http://www.corpit.ru/mailman/listinfo/rbldnsd
> These are good suggestions. I would add one more. Allow rsync'ing of
> the zone files and limit the connections per hour per ip to prevent
> abuse.
>
> You may in the long term suggest that users of your system only use
> rsynced zone files past a certain per hour or day query limit.
Good point, and reminds me of another question I was going to ask - but
forgot...
Has anyone used an RCS for serving the zones? Like CVSUP, etc.
Thanks again Lyle for taking the time to reply.
--Chris
>
> Lyle Giese
> LCR Computer Services, Inc.
>
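Lyle's suggestion of a per-IP query budget, with heavy queriers pointed at rsync'd zones instead, needs a way to find those clients first. The following is an added example, not code from the thread or from rbldnsd itself; it assumes a simplified, constructed query-log line format (`<unix-timestamp> <client-ip> <queried-name>`) rather than rbldnsd's real log format, and counts queries per client per hour.

```python
"""Flag DNSBL clients that exceed a per-hour query budget.

Added example (not from the thread, not rbldnsd's own code). The log
format below is a constructed simplification, one query per line:
    <unix-timestamp> <client-ip> <queried-name>
Clients over the budget are candidates for a per-IP rate limit or for
a "please rsync the zone instead" notice, as suggested in the thread.
"""
from collections import defaultdict

# Constructed sample log lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
1242251000 192.0.2.10 4.3.2.1.dnsbl.example.net
1242251060 192.0.2.10 5.3.2.1.dnsbl.example.net
1242251120 198.51.100.7 6.3.2.1.dnsbl.example.net
1242251180 192.0.2.10 7.3.2.1.dnsbl.example.net
1242254700 192.0.2.10 8.3.2.1.dnsbl.example.net
1242254760 198.51.100.7 9.3.2.1.dnsbl.example.net
"""


def queries_per_hour(log_text):
    """Return {(client_ip, hour_bucket): count}, where hour_bucket is
    the Unix timestamp divided by 3600 (integer division)."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines instead of aborting the run
        ts, client, _name = parts
        counts[(client, int(ts) // 3600)] += 1
    return counts


def heavy_queriers(log_text, limit):
    """Return a sorted list of (client_ip, hour_bucket, count) for every
    client/hour pair whose query count exceeds `limit`."""
    return sorted(
        (ip, hour, n)
        for (ip, hour), n in queries_per_hour(log_text).items()
        if n > limit
    )


if __name__ == "__main__":
    # With a budget of 2 queries/hour, only 192.0.2.10 in its first hour
    # (3 queries) is over the limit.
    for ip, hour, n in heavy_queriers(SAMPLE_LOG, limit=2):
        print(f"{ip} made {n} queries in hour bucket {hour}")
```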