Here's the same script without the stupid dupes in the "for" items,
sorted, and in multiline format for easier reading:
/usr/local/bin/mx_mysender.sh :
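#!/bin/sh
# Build a Postfix map that rejects the addresses returned by TLD wildcard records.
# Start from an empty scratch file.
cp /dev/null /var/tmp/mx_mysender.tmp
# Each list item needs whitespace before the trailing backslash; otherwise the
# shell joins the continued lines into one word.
for tld in \
    ac \
    cc \
    com \
    cx \
    mp \
    museum \
    net \
    nu \
    ph \
    pw \
    sh \
    td \
    tk \
    tm \
    ws ; do
    echo "$tld"
    # Quote the query name so the shell cannot glob-expand "*.$tld" against
    # files in the current directory.
    /usr/bin/dig "*.$tld" +noau +noad |
    awk '/^\*\./ { print $5 }' |
    awk '{ print $1 " reject wildcard_tld" }' \
    >> /var/tmp/mx_mysender.tmp
done
# Sort and de-duplicate case-insensitively, then install and compile the map.
/usr/bin/sort -f < /var/tmp/mx_mysender.tmp | uniq -i > /var/tmp/mx_mysender.map
cp /var/tmp/mx_mysender.map /etc/postfix/mx_mysender.map
/usr/sbin/postmap /etc/postfix/mx_mysender.map
exit 0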
I've also upgraded BIND8 on a few MX boxes to BIND9, so as well as
configging postfix, BIND is returning:
# dig alkjfaljajal.com
gives negative answer NoteXistingDOMAIN:
; <<>> DiG 8.3 <<>> alkjfaljajal.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2 <<<<<<<<<<<<<<<<<<
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; alkjfaljajal.com, type = A, class = IN
;; Total query time: 16 msec
;; FROM: mx4.netwood.net to SERVER: default -- 127.0.0.1
;; WHEN: Fri Sep 19 06:01:37 2003
;; MSG SIZE sent: 34 rcvd: 34
======================
I strongly recommend use of the "include" facility in BIND zone and server
config files.
Here's what I do in bind9:
in named.conf:
include "/etc/namedb/deleg-only.conf";
the file /etc/namedb/deleg-only.conf
contains only:
zone "ac" { type delegation-only; };
zone "cc" { type delegation-only; };
zone "com" { type delegation-only; };
zone "cx" { type delegation-only; };
zone "mp" { type delegation-only; };
zone "museum" { type delegation-only; };
zone "net" { type delegation-only; };
zone "nu" { type delegation-only; };
zone "ph" { type delegation-only; };
zone "pw" { type delegation-only; };
zone "sh" { type delegation-only; };
zone "td" { type delegation-only; };
zone "tk" { type delegation-only; };
zone "tm" { type delegation-only; };
zone "ws" { type delegation-only; };
BIND announces the queries for garbage domain under deleg only zones in
logging:
Sep 19 02:37:35 mx4 named[27140]: starting BIND 9.2.3rc2 -c /etc/namedb/named.conf
Sep 19 02:37:35 mx4 named[27140]: command channel listening on 0.0.0.0#953
Sep 19 02:41:49 mx4 named[27140]: enforced delegation-only for 'COM' (ericanexpress.com)
Sep 19 02:41:50 mx4 named[27140]: enforced delegation-only for 'COM' (mailexicite.com)
Sep 19 02:44:06 mx4 named[27140]: enforced delegation-only for 'COM' (9130020.COM)
Sep 19 02:47:45 mx4 named[27140]: enforced delegation-only for 'COM' (alkjfaljajal.com)
Sep 19 03:30:53 mx4 named[27140]: enforced delegation-only for 'COM' (wsntv75111studio.com)
Sep 19 03:58:57 mx4 named[27140]: enforced delegation-only for 'COM' (imalab.com)
Sep 19 04:15:34 mx4 named[27140]: enforced delegation-only for 'COM' (xxayib.com)
Sep 19 04:29:26 mx4 named[27140]: enforced delegation-only for 'COM' (lts-employ.com)
Sep 19 04:32:56 mx4 named[27140]: enforced delegation-only for 'COM' (zofc.com)
Sep 19 04:33:09 mx4 named[27140]: enforced delegation-only for 'COM' (zofc.com)
Sep 19 04:33:25 mx4 named[27140]: enforced delegation-only for 'COM' (mx144.certqts.com)
Sep 19 05:04:22 mx4 named[27140]: enforced delegation-only for 'COM' (mail.oceanicspcials.com)
Sep 19 05:04:30 mx4 named[27140]: enforced delegation-only for 'COM' (mail.oceanicspcials.com)
Sep 19 05:09:43 mx4 named[27140]: enforced delegation-only for 'COM' (mail2.optinexchance.com)
Sep 19 05:14:25 mx4 named[27140]: enforced delegation-only for 'COM' (05030.com)
Sep 19 05:15:16 mx4 named[27140]: enforced delegation-only for 'COM' (hddtg.com)
Sep 19 05:15:29 mx4 named[27140]: enforced delegation-only for 'COM' (SNE2kFE02.e2k.sxmobileweb.com)
Sep 19 05:15:29 mx4 named[27140]: enforced delegation-only for 'COM' (SNE2kFE02.e2k.sxmobileweb.com)
Sep 19 05:22:27 mx4 named[27140]: enforced delegation-only for 'COM' (mail.oceanicspcials.com)
Sep 19 05:37:31 mx4 named[27140]: enforced delegation-only for 'net' (chenneli.net)
Sep 19 05:48:06 mx4 named[27140]: enforced delegation-only for 'COM' (bscg-nj.com)
Sep 19 05:50:59 mx4 named[27140]: enforced delegation-only for 'COM' (mail.oceanicspcials.com)
Sep 19 05:58:58 mx4 named[27140]: enforced delegation-only for 'COM' (firththirdbank.com)
Sep 19 06:01:37 mx4 named[27140]: enforced delegation-only for 'COM' (alkjfaljajal.com)
Sep 19 06:03:06 mx4 named[27140]: enforced delegation-only for 'net' (t2n.net)
but BIND9 does not announce these TLD zones as true zones:
# /usr/local/sbin/rndc status
number of zones: 2 <<<<<<<<<<<<<
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running
Len
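
Added example, not part of the original message: a small sh function that summarises the "enforced delegation-only" syslog lines shown above, counting hits per zone and queried name. The function names deleg_only_hits and sample_log are hypothetical, and the sample lines are copied from the log in this message, including two that a mail client wrapped before the "(name)" part.

```sh
#!/bin/sh
# Added example (not the author's code): summarise BIND 9 syslog lines of the
# form "enforced delegation-only for 'ZONE' (name)".
# Reads syslog text on stdin, prints "count zone name", highest count first.
deleg_only_hits() {
    # Step 1: rejoin entries whose "(name)" part was wrapped onto its own line.
    awk '/^\(/ { buf = buf " " $0; next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }' |
    # Step 2: keep only enforcement lines and reduce them to "zone name".
    sed -n "s/.*enforced delegation-only for '\([^']*\)' (\([^)]*\)).*/\1 \2/p" |
    # Step 3: DNS names are case-insensitive, so fold 'COM' and 'com' together.
    tr '[:upper:]' '[:lower:]' |
    # Step 4: count duplicates, sort by count then name, normalise spacing.
    LC_ALL=C sort | uniq -c | LC_ALL=C sort -k1,1nr -k2,3 |
    awk '{ print $1, $2, $3 }'
}

# Sample input: lines taken from the log in the message above.
sample_log() {
    cat <<'EOF'
Sep 19 02:37:35 mx4 named[27140]: command channel listening on 0.0.0.0#953
Sep 19 04:32:56 mx4 named[27140]: enforced delegation-only for 'COM' (zofc.com)
Sep 19 04:33:09 mx4 named[27140]: enforced delegation-only for 'COM' (zofc.com)
Sep 19 05:04:22 mx4 named[27140]: enforced delegation-only for 'COM'
(mail.oceanicspcials.com)
Sep 19 05:04:30 mx4 named[27140]: enforced delegation-only for 'COM'
(mail.oceanicspcials.com)
Sep 19 05:22:27 mx4 named[27140]: enforced delegation-only for 'COM' (mail.oceanicspcials.com)
Sep 19 02:44:06 mx4 named[27140]: enforced delegation-only for 'COM' (9130020.COM)
Sep 19 06:03:06 mx4 named[27140]: enforced delegation-only for 'net' (t2n.net)
EOF
}

sample_log | deleg_only_hits
```

Names that recur in the summary are usually mail hosts retrying against a sender domain that only resolved through the wildcard.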