rbldnsd compatible free rsync-able feeds?
To test a procedure we'd like to implement, we'd need RBL feeds that we may rsync from for free and load into rbldnsd. If they are hours old is not a problem. Can you list some? Thank you
Re: rbldnsd
On Monday 17 October 2016 at 17:14:18, Bill Cole wrote: > On 17 Oct 2016, at 9:04, Antony Stone wrote: > > DNS runs over UDP, not TCP. > > True AND false. Agreed; thanks for the detailed clarification, however I was answering a question specifically about rbldnsd. > A DNS server that does not speak TCP is not a complete DNS server. It > may be adequate for purpose (a DNSBL may never have any answer larger > than 512 bytes, for example) but that's a different thing. Indeed. Antony. -- Users don't know what they want until they see what they get. Please reply to the list; please *don't* CC me.
Re: rbldnsd
On 17 Oct 2016, at 9:04, Antony Stone wrote: DNS runs over UDP, not TCP. True AND false. Most DNS queries can be answered in a single UDP packet and so most queries are tried over UDP first. Traditionally, DNS answers over UDP were limited to 512 bytes, although modern extensions typically allow responses that fill a traditional Ethernet frame (1500 bytes, possibly reduced by intermediary VLAN tags or other constraints). Some answers are too long for whatever limit is in effect and so are sent in truncated form with the DNS 'truncated' flag set. Usually a client will then retry the query via TCP to get a complete reliable answer. In addition, all zone transfers are done over TCP. A DNS server that does not speak TCP is not a complete DNS server. It may be adequate for purpose (a DNSBL may never have any answer larger than 512 bytes, for example) but that's a different thing.
Re: R: rbldnsd
On Mon, 17 Oct 2016 13:18:23 + Nicola Piazzi wrote: > THX Antony > Service works, but at now how can i address query to this server ? > And the service name test how must be inserted in the query ? There are plenty of examples in the stock rules.
Re: R: rbldnsd
This is OT on this list. here is all the info: http://www.corpit.ru/mjt/rbldnsd/rbldnsd.8.html if you need more hand holding, pls use the rbdlsnd list On 10/17/2016 03:18 PM, Nicola Piazzi wrote: THX Antony Service works, but at now how can i address query to this server ? And the service name test how must be inserted in the query ? usr/sbin/rbldnsd -n -b localhost/53 test:ip4tset:/rbldnsd/test.txt Nicola Piazzi CED - Sistemi COMET s.p.a. Via Michelino, 105 - 40127 Bologna – Italia Tel. +39 051.6079.293 Cell. +39 328.21.73.470 Web: www.gruppocomet.it -Messaggio originale- Da: Antony Stone [mailto:antony.st...@spamassassin.open.source.it] Inviato: lunedì 17 ottobre 2016 15:04 A: users@spamassassin.apache.org Oggetto: Re: rbldnsd On Monday 17 October 2016 at 15:00:08, Nicola Piazzi wrote: Someone use dnsrbld to create personal rbl ? I am unable to bind to port 53 (and other ports) Oh? I start and it tell that bind : [root@EFALIST rbldnsd]# ./start.sh rbldnsd: listening on ::1/53 rbldnsd: listening on 127.0.0.1/53 So, it's listening on port 53, both IPv4 and IPv6. rbldnsd: ip4tset:/rbldnsd/test.txt: 20161017 101633: cnt=2 rbldnsd: zones reloaded, time 0.0e/0.0u sec, mem arena=284 free=131 mmap=0 Kb rbldnsd: rbldnsd version 0.998 (05 Dec 2015) started (2 socket(s), 1 zone(s)) Looks happy to me. But when I ipscan this host I found open only ports that belongs to other services and not 53 : [root@EFALIST ~]# nmap -sT -O localhost Try U instead of T. DNS runs over UDP, not TCP. Antony. -- I wasn't sure about having a beard at first, but then it grew on me. Please reply to the list; please *don't* CC me.
R: rbldnsd
THX Antony Service works, but at now how can i address query to this server ? And the service name test how must be inserted in the query ? usr/sbin/rbldnsd -n -b localhost/53 test:ip4tset:/rbldnsd/test.txt Nicola Piazzi CED - Sistemi COMET s.p.a. Via Michelino, 105 - 40127 Bologna – Italia Tel. +39 051.6079.293 Cell. +39 328.21.73.470 Web: www.gruppocomet.it -Messaggio originale- Da: Antony Stone [mailto:antony.st...@spamassassin.open.source.it] Inviato: lunedì 17 ottobre 2016 15:04 A: users@spamassassin.apache.org Oggetto: Re: rbldnsd On Monday 17 October 2016 at 15:00:08, Nicola Piazzi wrote: > Someone use dnsrbld to create personal rbl ? > I am unable to bind to port 53 (and other ports) Oh? > I start and it tell that bind : > > [root@EFALIST rbldnsd]# ./start.sh > rbldnsd: listening on ::1/53 > rbldnsd: listening on 127.0.0.1/53 So, it's listening on port 53, both IPv4 and IPv6. > rbldnsd: ip4tset:/rbldnsd/test.txt: 20161017 101633: cnt=2 > rbldnsd: zones reloaded, time 0.0e/0.0u sec, mem arena=284 free=131 > mmap=0 Kb rbldnsd: rbldnsd version 0.998 (05 Dec 2015) started (2 > socket(s), 1 > zone(s)) Looks happy to me. > But when I ipscan this host I found open only ports that belongs to > other services and not 53 : > > [root@EFALIST ~]# nmap -sT -O localhost Try U instead of T. DNS runs over UDP, not TCP. Antony. -- I wasn't sure about having a beard at first, but then it grew on me. Please reply to the list; please *don't* CC me.
Re: rbldnsd
On Monday 17 October 2016 at 15:00:08, Nicola Piazzi wrote: > Someone use dnsrbld to create personal rbl ? > I am unable to bind to port 53 (and other ports) Oh? > I start and it tell that bind : > > [root@EFALIST rbldnsd]# ./start.sh > rbldnsd: listening on ::1/53 > rbldnsd: listening on 127.0.0.1/53 So, it's listening on port 53, both IPv4 and IPv6. > rbldnsd: ip4tset:/rbldnsd/test.txt: 20161017 101633: cnt=2 > rbldnsd: zones reloaded, time 0.0e/0.0u sec, mem arena=284 free=131 mmap=0 > Kb rbldnsd: rbldnsd version 0.998 (05 Dec 2015) started (2 socket(s), 1 > zone(s)) Looks happy to me. > But when I ipscan this host I found open only ports that belongs to other > services and not 53 : > > [root@EFALIST ~]# nmap -sT -O localhost Try U instead of T. DNS runs over UDP, not TCP. Antony. -- I wasn't sure about having a beard at first, but then it grew on me. Please reply to the list; please *don't* CC me.
rbldnsd
Someone use dnsrbld to create personal rbl ? I am unable to bind to port 53 (and other ports) I start and it tell that bind : [root@EFALIST rbldnsd]# ./start.sh rbldnsd: listening on ::1/53 rbldnsd: listening on 127.0.0.1/53 rbldnsd: ip4tset:/rbldnsd/test.txt: 20161017 101633: cnt=2 rbldnsd: zones reloaded, time 0.0e/0.0u sec, mem arena=284 free=131 mmap=0 Kb rbldnsd: rbldnsd version 0.998 (05 Dec 2015) started (2 socket(s), 1 zone(s)) But when I ipscan this host I found open only ports that belongs to other services and not 53 : [root@EFALIST ~]# nmap -sT -O localhost Starting Nmap 6.40 ( http://nmap.org ) at 2016-10-17 14:56 CEST Nmap scan report for localhost (127.0.0.1) Host is up (0.52s latency). Other addresses for localhost (not scanned): 127.0.0.1 Not shown: 997 closed ports PORT STATE SERVICE 22/tcp open ssh 23/tcp open telnet 25/tcp open smtp No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ). TCP/IP fingerprint:
Re: RFC 5966 and rbldnsd
1: use rbldnsd to dump zone to bind.zone (Gigaram usage) On Fri, Dec 2, 2011 at 4:02 PM, Matus UHLAR - fantomas uh...@fantomas.skwrote: I doubt rbldns is able to dump zone content. many DNSBL providers support also BIND format. Note that BIND takes much more RAM space On 02.12.11 17:22, Matthias Leisi wrote: man rbldnsd: | -d Dump all zones to stdout in BIND format and exit. This may be That's what we use for the BIND export of dnswl.org data (create rbldnsd-formatted file, and let rbldnsd -d create the BIND file). hmmm didn't know about this one. But don't you think it's worth it? rbldnsd can automatically reread data files when they change, and takes up much less memory. I don't think TCP is that important for this kind of service... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Have you got anything without Spam in it? - Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
Re: RFC 5966 and rbldnsd
On Sun, Dec 4, 2011 at 6:17 PM, Matus UHLAR - fantomas uh...@fantomas.sk wrote: | -d Dump all zones to stdout in BIND format and exit. This may be That's what we use for the BIND export of dnswl.org data (create rbldnsd-formatted file, and let rbldnsd -d create the BIND file). hmmm didn't know about this one. But don't you think it's worth it? rbldnsd can automatically reread data files when they change, and takes up much less memory. I don't think TCP is that important for this kind of service... Memory consumption for the relatively modest-sized dnswl.org data is not really an issue, as is the automatic rereading for the data that changes slowly (yes, it's different for a typical blacklist). The reason to use BIND vary with the use case. Corporate environments may be fine with running some version of BIND (and they may be doing that already), but may not want to invest in getting rbldnsd up and running in production quality. For our own purpose, having more than only rbldnsd serves to mitigate the (security-) risks of a monoculture. As this is getting heavily off-topic for this list, please take responses off-list. -- Matthias
RFC 5966 and rbldnsd
http://tools.ietf.org/html/rfc5966 if rbldnsd does only UDP will not give problems for bind local cache, or isp remote dns servers in forwards ? hope rbldns hosters dont sleep here 2 ways of workaround is: 1: use rbldnsd to dump zone to bind.zone (Gigaram usage) 2: let bind use forwards zones to rbldnsd master (Megaram usage) comments ? todo ipv6 in rbldnsd
Re: RFC 5966 and rbldnsd
On 02.12.11 15:52, Benny Pedersen wrote: if rbldnsd does only UDP will not give problems for bind local cache, or isp remote dns servers in forwards ? I don't think so. hope rbldns hosters dont sleep here 2 ways of workaround is: work around what? 1: use rbldnsd to dump zone to bind.zone (Gigaram usage) I doubt rbldns is able to dump zone content. many DNSBL providers support also BIND format. Note that BIND takes much more RAM space 2: let bind use forwards zones to rbldnsd master (Megaram usage) we use that, but ... what are you talking about? rbldns is not recursive, so even if we did not, it's BIND who'd query rbldnsd, not clients todo ipv6 in rbldnsd while talking about ipv6 queries, not a big problem. However, with ipv6 blacklisting will apparently look different... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Posli tento mail 100 svojim znamim - nech vidia aky si idiot Send this email to 100 your friends - let them see what an idiot you are
Re: RFC 5966 and rbldnsd
On Fri, Dec 2, 2011 at 4:02 PM, Matus UHLAR - fantomas uh...@fantomas.skwrote: 1: use rbldnsd to dump zone to bind.zone (Gigaram usage) I doubt rbldns is able to dump zone content. many DNSBL providers support also BIND format. Note that BIND takes much more RAM space man rbldnsd: | -d Dump all zones to stdout in BIND format and exit. This may be That's what we use for the BIND export of dnswl.org data (create rbldnsd-formatted file, and let rbldnsd -d create the BIND file). -- Matthias
rbldnsd vs bind and udp vs tcp querys
does spamassassin make tcp dnsbl testing ?, eg is udp forced ? reason is that most rbldnsd server only support udp, but bind try tcp if it setup global for edns0, or udp fails have anyone a way to solve it ?
Free SURBL sources + rbldnsd extensive docs + configuring spamassin with new surbl source?
Hi, i wanted to set up my own surbl server, unfortunately, not much information is available around, most of the time am bumping into this http://www.surbl.org/public-dns.html, but well, getting rsync data feed access from surbl.org is way too expensive for a bunch of kids at school. Is there some sort of free list out there that i can rsync from and then if there's any guide/docs that i could follow to get my spamassassin to query my local surbl server. Thanks -- $3|v3n
Re: Free SURBL sources + rbldnsd extensive docs + configuring spamassin with new surbl source?
On 2010-09-28 9:28, selven wrote: Hi, i wanted to set up my own surbl server, unfortunately, not much information is available around, most of the time am bumping into this http://www.surbl.org/public-dns.html, but well, getting rsync data feed access from surbl.org is way too expensive for a bunch of kids at school. Is there some sort of free list out there that i can rsync from and then if there's any guide/docs that i could follow to get my spamassassin to query my local surbl server. What's wrong with querying the public servers? SURBL/URIBL DBL are free if you remain below their heavy traffic usage policies. The Invaluement.com lists are not free for public querying but an interesting alternative as well. If, as you say, you only cater for a bunch of kids at school you shouldn't be hitting the BL's thresholds.
Re: Free SURBL sources + rbldnsd extensive docs + configuring spamassin with new surbl source?
Yet Another Ninja wrote: On 2010-09-28 9:28, selven wrote: Hi, i wanted to set up my own surbl server, unfortunately, not much information is available around, most of the time am bumping into this http://www.surbl.org/public-dns.html, but well, getting rsync data feed access from surbl.org is way too expensive for a bunch of kids at school. Is there some sort of free list out there that i can rsync from and then if there's any guide/docs that i could follow to get my spamassassin to query my local surbl server. What's wrong with querying the public servers? Sounds more like he wants to do this as an exercise - selven, you could always rsync the uceprotect lists, if those are useful to you. /Per Jessen
rbldnsd blacklist question
Looking from opinions from people running rbl blacklists. I have a list that contains a lot of name based information. I'm about to add a lot more information to the list and what will happen is that when you look up a name you might get several results. For example, a hostname might be blacklisted, be in a URIBL list, be in a day old bread list, and a NOT QUIT list. So it might return 4 results like 127.0.0.2, 127.0.0.6, 127.0.0.7, 127.0.0.8. Is this what would be considered best practice. My thinking is that having one list that returns everything is very efficient. Thoughts?
Re: rbldnsd blacklist question
On Tue, 16 Sep 2008, Marc Perkel wrote: Looking from opinions from people running rbl blacklists. I have a list that contains a lot of name based information. I'm about to add a lot more information to the list and what will happen is that when you look up a name you might get several results. For example, a hostname might be blacklisted, be in a URIBL list, be in a day old bread list, and a NOT QUIT list. So it might return 4 results like 127.0.0.2, 127.0.0.6, 127.0.0.7, 127.0.0.8. Is this what would be considered best practice. My thinking is that having one list that returns everything is very efficient. Isn't general practice to bitmap the last octet if you're going to convey multiple pieces of information? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- W-w-w-w-w-where did he learn to n-n-negotiate like that? --- Tomorrow: the 221st anniversary of the signing of the U.S. Constitution
Re: rbldnsd blacklist question
John Hardin wrote: On Tue, 16 Sep 2008, Marc Perkel wrote: Looking from opinions from people running rbl blacklists. I have a list that contains a lot of name based information. I'm about to add a lot more information to the list and what will happen is that when you look up a name you might get several results. For example, a hostname might be blacklisted, be in a URIBL list, be in a day old bread list, and a NOT QUIT list. So it might return 4 results like 127.0.0.2, 127.0.0.6, 127.0.0.7, 127.0.0.8. Is this what would be considered best practice. My thinking is that having one list that returns everything is very efficient. Isn't general practice to bitmap the last octet if you're going to convey multiple pieces of information? If you have a situation where there might be more than one answer for a given query, and you are content with having a maximum of 7 possible answers, then... again, if both of these these things are true... then the best system by far is the following: .2 = situation #1 .4 = situation #2 .8 = situation #3 .16 = situation #4 .32 = situation #5 .64 = situation #6 .128 = situation #7 As multiple situations occur, add together the octets above. For example, .138 would mean that situations #1, #3, #7 happened. That way, anywhere from one to all seven attributes can be encapsulated as one single number, with any combination of these being clearly decipherable. From a programming perspective, do the following: If octet = 128 then #7 happened octet = octet - 128 End If If octet = 64 then #6 (also?) happened octet = octet - 64 End If If octet = 32 then #5 (also?) happened octet = octet - 23 End If etc Which is a less fancy way of saying what John Hardin said about bitmap the last octet... but I thought that spelling it out this way might be helpful for some. -- Rob McEwen http://dnsbl.invaluement.com/ [EMAIL PROTECTED] +1 (478) 475-9032
Re: rbldnsd blacklist question
On Tue, 2008-09-16 at 20:12 +0200, mouss wrote: Marc Perkel wrote: Looking from opinions from people running rbl blacklists. I have a list that contains a lot of name based information. I'm about to add a lot more information to the list and what will happen is that when you look up a name you might get several results. For example, a hostname might be blacklisted, be in a URIBL list, be in a day old bread list, and a NOT QUIT list. So it might return 4 results like 127.0.0.2, 127.0.0.6, 127.0.0.7, 127.0.0.8. Is this what would be considered best practice. My thinking is that having one list that returns everything is very efficient. Thoughts? returning multiple results is easier to manage (you can point to a single dns entry and have a single TXT record) and to parse. for example, I could do (in postfix): check_rbl_client mark.example=127.0.0.3 warn_if_reject check_rbl_client mark.example=127.0.0.4 check_rbl_client mark.example some people use bitmasks instead. but this is harder to parse/implement. after all, spamhaus, sorbs, spamcop, .. don't use bitmasks. True, but uribl and surbl do. SpamAssassin makes it easy to use that syntax. I doubt I would use Marc's list as a postfix death penalty, but it's conceivable it might garner a point or two towards a SpamAssassin score. -- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com signature.asc Description: This is a digitally signed message part
Re: rbldnsd blacklist question
Marc Perkel wrote: Looking from opinions from people running rbl blacklists. I have a list that contains a lot of name based information. I'm about to add a lot more information to the list and what will happen is that when you look up a name you might get several results. For example, a hostname might be blacklisted, be in a URIBL list, be in a day old bread list, and a NOT QUIT list. So it might return 4 results like 127.0.0.2, 127.0.0.6, 127.0.0.7, 127.0.0.8. Is this what would be considered best practice. My thinking is that having one list that returns everything is very efficient. Thoughts? +1 for bitmasking the data. --Blaine
Re: Re: rbldnsd blacklist question
John Hardin wrote: div class=moz-text-flowed style=font-family: -moz-fixedOn Tue, 16 Sep 2008, Marc Perkel wrote: Looking from opinions from people running rbl blacklists. I have a list that contains a lot of name based information. I'm about to add a lot more information to the list and what will happen is that when you look up a name you might get several results. For example, a hostname might be blacklisted, be in a URIBL list, be in a day old bread list, and a NOT QUIT list. So it might return 4 results like 127.0.0.2, 127.0.0.6, 127.0.0.7, 127.0.0.8. Is this what would be considered best practice. My thinking is that having one list that returns everything is very efficient. Isn't general practice to bitmap the last octet if you're going to convey multiple pieces of information? Isnt it simple enough to write the zone file in 2 different formats and map them to 2 different zone names to support both bitmasked and multiple response if there is value in having both? URIBL uses bitmasks, but doesnt need to as we dont cross list domains to multiple lists. -- Dallas Engelken [EMAIL PROTECTED] http://uribl.com
Re: Re: rbldnsd blacklist question
Rob McEwen wrote: div class=moz-text-flowed style=font-family: -moz-fixedJohn Hardin wrote: On Tue, 16 Sep 2008, Marc Perkel wrote: Looking from opinions from people running rbl blacklists. I have a list that contains a lot of name based information. I'm about to add a lot more information to the list and what will happen is that when you look up a name you might get several results. For example, a hostname might be blacklisted, be in a URIBL list, be in a day old bread list, and a NOT QUIT list. So it might return 4 results like 127.0.0.2, 127.0.0.6, 127.0.0.7, 127.0.0.8. Is this what would be considered best practice. My thinking is that having one list that returns everything is very efficient. Isn't general practice to bitmap the last octet if you're going to convey multiple pieces of information? If you have a situation where there might be more than one answer for a given query, and you are content with having a maximum of 7 possible answers, then... Why just 7? You have 2 other octets to use.. 127.X.Y.Z - X and Y dont have to be zeros... 512 possibilities if you use all the bit on all 3 octets (but I'd avoid loopback 127.0.0.1). 448 possibilities if you only count bit 1 settable on octet 2 and 3 (ie 127.1.1.2) 343 if you avoid setting bit 1 altogether on any octet (ie 127.2.2.2) -- Dallas Engelken [EMAIL PROTECTED] http://uribl.com
OT: Setting Up DNSBL using RBLDNSD
Has anyone any tips on doing this? I do not want to mirror existing data (I already am :) ) I want to setup my own DNSBL to catch the junk that the other DNSBLS miss.. The only tutorials / guides I've found either refer explicitly to Bind or make reference to rbldns-conf, which doesn't appear to exist on Ubuntu Any tips, thoughts or even flames are welcome TIA Michele Mr Michele Neylon Blacknight Solutions http://www.blacknight.ie/ http://blog.blacknight.ie/ Intl. +353 (0) 59 9183072 UK: 0870 163 0607
rbldnsd ported to windows?
RE: rbldnsd ported to windows? Does anyone know if rbldnsd has ever been ported to windows? If not, is there an easy way to do this? Thanks, Rob McEwen PowerView Systems
rbldnsd front end
Is there a tool or howto to let users easily remove themselves? And for that matter, allow employees to add ip's. :) -- Highest Regards, Rodney Richison RCR Computing http://www.rcrnet.net 118 N. Broadway Cleveland, OK 74020 918-358-
Re: rbldnsd front end
Rodney Richison a écrit : Is there a tool or howto to let users easily remove themselves? And for that matter, allow employees to add ip's. :) I guess No. Now, employees/users should not modify the rbldnsd data, since this data is global, and also because that would mean reloading data (which may be too expensive). It would be nice if SA allowed the use of other db's (bdb, mysql, ...) to override dnsbl lookup.
Re: rbldnsd on FreeBSD
On Sunday, January 22, 2006, 4:38:11 PM, mouss mouss wrote: Larry Rosenman a écrit : Jeff Peng wrote: hi,Irina, rbldnsd is really a simple dns server.you can use it directly,no any need to bind.and,you can use rsync to download the rbl files. I have both rbldnsd and bind running on my 2 nameservers. I had to bind(pardon the pun) rbldnsd To a separate alias IP, as I couldn't seem to make bind9 do the forward correctly. ahuhuhuh? you can choose a different port for rbldnsd and tell bind to use that port. make sure to use use bind9 (or djbdns). It depends on the version of BIND: http://www.surbl.org/rbldnsd-bind-freebsd.html # For BIND 9 simply specify the IP and port rbldnsd is using: [...] # In contrast, BIND 8 can only operate on port 53. So in order to tell it to forward responses for certain domains, first we need to tell it what specific local addresses BIND 8 itself should respond on: [...] (BIND 8 does not know anything about ports other than 53, so we can't specify a port, and we must use some other address to forward requests to rbldnsd.) Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
RE: rbldnsd on FreeBSD
Jeff Peng wrote: hi,Irina, rbldnsd is really a simple dns server.you can use it directly,no any need to bind.and,you can use rsync to download the rbl files. I have both rbldnsd and bind running on my 2 nameservers. I had to bind(pardon the pun) rbldnsd To a separate alias IP, as I couldn't seem to make bind9 do the forward correctly. Rbldnsd is in FreeBSD ports (although it seems to be a release or 2 down, I'll probably submit An update soon). LER -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 512-248-2683 E-Mail: ler@lerctr.org US Mail: 430 Valona Loop, Round Rock, TX 78681-3683 US
Re: rbldnsd on FreeBSD
Some of the HowTo documents at: http://www.surbl.org/rsync-signup.html may be of use in setting up and rbldnsd server, including port forwarding from BIND. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: RE: rbldnsd on FreeBSD
when you run ./rbldnsd -h you should see: -b address[/port] - bind to (listen on) this address (required) So you can bind the rbldnsd to another alias IP address,diff from the IP that your BIND server is listening to. I think there is no conflict between the rbldnsd and the BIND. Jeff Peng wrote: hi,Irina, rbldnsd is really a simple dns server.you can use it directly,no any need to bind.and,you can use rsync to download the rbl files. I have both rbldnsd and bind running on my 2 nameservers. I had to bind(pardon the pun) rbldnsd To a separate alias IP, as I couldn't seem to make bind9 do the forward correctly. Rbldnsd is in FreeBSD ports (although it seems to be a release or 2 down, I'll probably submit An update soon). LER -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 512-248-2683 E-Mail: ler@lerctr.org US Mail: 430 Valona Loop, Round Rock, TX 78681-3683 US .
RE: RE: rbldnsd on FreeBSD
Jeff Peng wrote: when you run ./rbldnsd -h you should see: -b address[/port] - bind to (listen on) this address (required) So you can bind the rbldnsd to another alias IP address,diff from the IP that your BIND server is listening to. I think there is no conflict between the rbldnsd and the BIND. I did that, and bind didn't seem(!) to be forwarding the requests, so I just gave it a different IP address, and told Bind to leave that IP alone. Not a biggie, and it's happily responding. LER -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 512-248-2683 E-Mail: ler@lerctr.org US Mail: 430 Valona Loop, Round Rock, TX 78681-3683 US
Re: rbldnsd on FreeBSD
Larry Rosenman a écrit : Jeff Peng wrote: hi,Irina, rbldnsd is really a simple dns server.you can use it directly,no any need to bind.and,you can use rsync to download the rbl files. I have both rbldnsd and bind running on my 2 nameservers. I had to bind(pardon the pun) rbldnsd To a separate alias IP, as I couldn't seem to make bind9 do the forward correctly. ahuhuhuh? you can choose a different port for rbldnsd and tell bind to use that port. make sure to use use bind9 (or djbdns).
rbldnsd on FreeBSD
Hello all, Thank you for your answers on SURBL (few days back). I decided to install rbldnsd with rsync and have few things to ask. It will run on FreeBSD 5.4 with no named running. Server uses resolve.conf with 2 our DNS servers. Do I need to use BIND with rbldnsd and rsync? Or only rbldnsd and rsync? If I don't really need it with BIND, but would it be beneficial? Thank you, Irina
Re: rbldnsd on FreeBSD
Irina wrote: Hello all, Thank you for your answers on SURBL (few days back). I decided to install rbldnsd with rsync and have few things to ask. It will run on FreeBSD 5.4 with no named running. Server uses resolve.conf with 2 our DNS servers. Do I need to use BIND with rbldnsd and rsync? Or only rbldnsd and rsync? You don't need to use it. I do, but that's just me. My setup is doc'd at http://perlstalker.amigo.net/tiki/tiki-index.php?page=CourierRBLs. If I don't really need it with BIND, but would it be beneficial? I do it because I use a caching DNS server on a very close server that my mail servers talk to. -- Randy Smith http://perlstalker.amigo.net/ http://vuser.org
Re: rbldnsd on FreeBSD
hi,Irina, rbldnsd is really a simple dns server.you can use it directly,no any need to bind.and,you can use rsync to download the rbl files. --- Ursprüngliche Nachricht --- Von: Irina [EMAIL PROTECTED] An: users@spamassassin.apache.org Betreff: rbldnsd on FreeBSD Datum: Sat, 21 Jan 2006 14:57:02 -0500 Hello all, Thank you for your answers on SURBL (few days back). I decided to install rbldnsd with rsync and have few things to ask. It will run on FreeBSD 5.4 with no named running. Server uses resolve.conf with 2 our DNS servers. Do I need to use BIND with rbldnsd and rsync? Or only rbldnsd and rsync? If I don't really need it with BIND, but would it be beneficial? Thank you, Irina -- DSL-Aktion wegen großer Nachfrage bis 28.2.2006 verlängert: GMX DSL-Flatrate 1 Jahr kostenlos* http://www.gmx.net/de/go/dsl
