Re: RFC 5966 and rbldnsd
On Sun, Dec 4, 2011 at 6:17 PM, Matus UHLAR - fantomas wrote:

>> | -d Dump all zones to stdout in BIND format and exit. This may be
>>
>> That's what we use for the BIND export of dnswl.org data (create
>> rbldnsd-formatted file, and let rbldnsd -d create the BIND file).
>
> hmmm didn't know about this one. But don't you think it's worth it? rbldnsd
> can automatically reread data files when they change, and takes up much less
> memory. I don't think TCP is that important for this kind of service...

Memory consumption for the relatively modest-sized dnswl.org data is not really an issue, as is the automatic rereading for the data that changes slowly (yes, it's different for a typical blacklist).

The reasons to use BIND vary with the use case. Corporate environments may be fine with running some version of BIND (and they may be doing that already), but may not want to invest in getting rbldnsd up and running in production quality. For our own purpose, having more than only rbldnsd serves to mitigate the (security-) risks of a monoculture.

As this is getting heavily off-topic for this list, please take responses off-list.

-- Matthias
Re: RFC 5966 and rbldnsd
>>> 1: use rbldnsd to dump zone to bind.zone (Gigaram usage)

> On Fri, Dec 2, 2011 at 4:02 PM, Matus UHLAR - fantomas wrote:
>> I doubt rbldns is able to dump zone content.
>> many DNSBL providers support also BIND format.
>> Note that BIND takes much more RAM space

On 02.12.11 17:22, Matthias Leisi wrote:
> man rbldnsd:
>
> | -d Dump all zones to stdout in BIND format and exit. This may be
>
> That's what we use for the BIND export of dnswl.org data (create
> rbldnsd-formatted file, and let rbldnsd -d create the BIND file).

hmmm didn't know about this one. But don't you think it's worth it? rbldnsd can automatically reread data files when they change, and takes up much less memory. I don't think TCP is that important for this kind of service...

-- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
Re: RFC 5966 and rbldnsd
On Fri, Dec 2, 2011 at 4:02 PM, Matus UHLAR - fantomas wrote:

>> 1: use rbldnsd to dump zone to bind.zone (Gigaram usage)
>
> I doubt rbldns is able to dump zone content.
> many DNSBL providers support also BIND format.
> Note that BIND takes much more RAM space

man rbldnsd:

| -d Dump all zones to stdout in BIND format and exit. This may be

That's what we use for the BIND export of dnswl.org data (create rbldnsd-formatted file, and let rbldnsd -d create the BIND file).

-- Matthias
Re: RFC 5966 and rbldnsd
On 02.12.11 15:52, Benny Pedersen wrote:
> if rbldnsd does only UDP will not give problems for bind local cache, or isp remote dns servers in forwards ?

I don't think so.

> hope rbldns hosters don't sleep here
>
> 2 ways of workaround is:

work around what?

> 1: use rbldnsd to dump zone to bind.zone (Gigaram usage)

I doubt rbldns is able to dump zone content.
many DNSBL providers support also BIND format.
Note that BIND takes much more RAM space

> 2: let bind use forwards zones to rbldnsd master (Megaram usage)

we use that, but ... what are you talking about?
rbldns is not recursive, so even if we did not, it's BIND who'd query rbldnsd, not clients

> todo ipv6 in rbldnsd

while talking about ipv6 queries, not a big problem. However, with ipv6 blacklisting will apparently look different...

-- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Send this email to 100 your friends - let them see what an idiot you are
RFC 5966 and rbldnsd
http://tools.ietf.org/html/rfc5966

if rbldnsd does only UDP will not give problems for bind local cache, or isp remote dns servers in forwards ?

hope rbldns hosters don't sleep here

2 ways of workaround is:

1: use rbldnsd to dump zone to bind.zone (Gigaram usage)
2: let bind use forwards zones to rbldnsd master (Megaram usage)

comments ?

todo ipv6 in rbldnsd