At 11:31 PM -0600 5/30/03, LuKreme imposed structure on a stream of
electrons, yielding:
>On Friday, May 30, 2003, at 19:01 Canada/Mountain, Bill Cole wrote:
>>all you have to do is flip the switch in /etc/hostconfig, edit the
>>relevant stuff in /etc/named.conf, create a zone file, and you're
>>off.
>
>Could you provide some details on this? I have some familiarity
>with BIND and have created a zone file for my LAN, but I wouldn't
>exactly know where to start with an RBL. Are the addresses just in a
>/etc/hosts formatted file?
>
>127.0.0.2 spam.scum.com
>
>or something?
Not quite. The BIND zone file format isn't /etc/hosts format at all.
Here's the top of my zone file for my local DNSBL:
$TTL 10800 ;
$ORIGIN blackholes.scconsult.com. ;
@ 1D IN SOA @ bill.scconsult.com. (
        2003053110 ; serial
        1H ; refresh
        15M ; retry
        1W ; expiry
        3H ) ; minimum
@ 1D IN NS toaster.scconsult.com.
@ 1D IN NS fireproof.scconsult.com.
$ORIGIN 88.60.4.blackholes.scconsult.com. ; Verizon's 'bizmailsrvrcs' is not a competent network operator 20030530084857
* IN A 127.0.0.2
* IN TXT " Verizon's 'bizmailsrvrcs' is not a competent network operator 20030530084857 "
It basically repeats from there, with different $ORIGIN lines,
comments and TXT records. Note that I manage this by way of a
shell script wrapper around a perl backend that turns a SIMS-style
blacklist into a BIND zone file. The shell script takes a range and
comment as input, sorts the new data into the SIMS-style text file
as a record with a timestamp, pumps that text file through the perl
convertor, and kicks the nameserver to reload the zone. Doing that
automation means that there is never a syntactical error in the file,
and every record added has common features. The actual lookup for a
DNSBL is for an A record, but I have TXT records as well because of
the tradition of doing basic documentation of records there.
You'll note that the SOA fields for this zone are wildly different
from what you'd usually use. That's because a DNSBL really should be
realtime, not heavily cached. When I was trying to have my primary
nameserver (running an OLD QuickDNS Pro, on the same P575 as SIMS)
act as a secondary, I needed those TTL settings. As it turned out,
QDNS really could not handle the zone (which is now 3.6MB in BIND
format) and for me the SOA fields are pointless, but if you intend
to run a blacklist that has some robustness to it, and so has
multiple authorities, you really should make sure the SOA times make
sense from the standpoint of how actively you expect to maintain the
list.
--
Bill Cole
[EMAIL PROTECTED]
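The message above describes, but does not show, the converter that turns a text blacklist into a zone like the excerpt, and it makes the point that the actual DNSBL query is an A lookup on the reversed address. The following is an added example (in Python rather than Bill's shell/perl pair, and not his code): it parses a constructed stand-in for the "SIMS-style" list (`<network>/<prefix> <timestamp> <comment>` per line, an assumed format), renders a BIND zone in the layout of the excerpt, and then simulates the lookup a mail server would make, including the wildcard rule from RFC 4592 that bites when a /32 is listed inside a broader block. The zone apex `blackholes.example.net`, the nameserver names and every sample address are assumptions.

```python
"""Build a BIND zone for a DNSBL from a plain-text blacklist and simulate the
lookups a mail server makes against it.  Added example, not Bill Cole's shell/perl
tooling: the list format is a constructed stand-in for his 'SIMS-style' file
('<network>/<prefix> <timestamp> <comment>' per line), and the zone apex,
nameserver names and sample addresses are all assumptions."""
import ipaddress
from dataclasses import dataclass

ZONE = "blackholes.example.net"                          # assumed apex
NAMESERVERS = ("ns1.example.net.", "ns2.example.net.")   # assumed
LISTED_A = "127.0.0.2"                                   # conventional 'listed' answer

SAMPLE_LIST = """\
# constructed sample; the /32 inside the /8 is deliberate, see lookup()
10.0.0.0/8         20030531103000  RFC1918 space, never a legitimate sender
10.1.2.3/32        20030531103100  single host, explicitly listed
203.0.113.0/24     20030530084857  documentation /24, whole block
"""


@dataclass
class Entry:
    network: ipaddress.IPv4Network
    stamp: str
    comment: str

    def text(self):
        return f"{self.comment} {self.stamp}"


def parse_list(text):
    """Only /8, /16, /24, /32: each is one reversed-octet $ORIGIN, as in the message."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        net, stamp, comment = line.split(None, 2)
        network = ipaddress.IPv4Network(net, strict=True)
        if network.prefixlen % 8:
            raise ValueError(f"{net}: prefix length must be a multiple of 8")
        entries.append(Entry(network, stamp, comment))
    return entries


def origin_for(network):
    """203.0.113.0/24 -> '113.0.203.<zone>.', 10.1.2.3/32 -> '3.2.1.10.<zone>.'"""
    octets = str(network.network_address).split(".")[: network.prefixlen // 8]
    return ".".join(reversed(octets)) + "." + ZONE + "."


def txt_quote(s):
    # BIND character string: escape backslash and quote, never a raw newline
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def render_zone(entries, serial, ttl=300):
    """Zone text in the layout of the message's excerpt.  The short $TTL follows
    the point made there: a DNSBL should be near real time, not cached."""
    out = [f"$TTL {ttl}", f"$ORIGIN {ZONE}.", f"@ 1D IN SOA @ hostmaster.{ZONE}. (",
           f"\t{serial} ; serial", "\t1H ; refresh", "\t15M ; retry",
           "\t1W ; expiry", "\t3H ) ; minimum"]
    out += [f"@ 1D IN NS {ns}" for ns in NAMESERVERS]
    for e in sorted(entries, key=lambda e: (e.network.prefixlen, e.network)):
        out.append(f"$ORIGIN {origin_for(e.network)} ; {e.text()}")
        owner = "@" if e.network.prefixlen == 32 else "*"   # /32: the node itself
        out.append(f"{owner} IN A {LISTED_A}")
        out.append(f"{owner} IN TXT {txt_quote(e.text())}")
    return "\n".join(out) + "\n"


def query_name(ip):
    """What a mail server looks up for connecting client `ip`."""
    return ".".join(reversed(ip.split("."))) + "." + ZONE + "."


def lookup(entries, ip):
    """Simulate the authoritative answer under the RFC 4592 wildcard rule: a wildcard
    matches only if it hangs off the qname's closest *existing* ancestor, and empty
    non-terminals count as existing.  So 10.1.2.3/32 hides 10.0.0.0/8 from 10.1.2.4:
    its closest encloser 2.1.10.<zone>. owns no wildcard, hence NXDOMAIN (None)."""
    records = {}
    for e in entries:
        origin = origin_for(e.network)
        records[origin if e.network.prefixlen == 32 else "*." + origin] = e
    existing = set()
    for name in records:
        labels = name.split(".")
        existing.update(".".join(labels[i:]) for i in range(len(labels)))
    qname = query_name(ip)
    if qname in records:
        return records[qname].text()
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if encloser in existing:
            wild = records.get("*." + encloser)
            return wild.text() if wild else None
    return None


if __name__ == "__main__":
    print(render_zone(parse_list(SAMPLE_LIST), serial=2003053110), end="")
```

Two things worth taking from it. First, as the message says, generating the file means every record has the same shape and the quoting is never wrong; still run the output through BIND 9's `named-checkzone blackholes.example.net <file>` before asking the server to reload. Second, the lookup simulation shows why octet-boundary wildcards need care: once a single host under a listed /8 or /16 gets its own entry, the other addresses in that host's /24 fall out of the broader wildcard, because the /24 node now exists and has no wildcard of its own. A generator that wants to list both has to emit the intermediate wildcard too.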