On Mon, 14 Oct 2002 14:29:59 -0400 (EDT), you wrote:

>On Mon, 14 Oct 2002, millerbn wrote:
>
>> MAPS/RBL services are derived from dns, your nameserver CAN be
>> configured for it but it is NOT for normal lookups as it is in a SEPARATE
>> zone. I won't comment on the developer's explanation.
>
>It sounds like you may be confusing recursive nameservers and authoritative
>nameservers.
>
>A recursive nameserver performs lookups. It gets its information from
>authoritative servers.
>
>An authoritative server serves data specific to the zones configured on it.
>(the GNATBox DNS server is an authoritative server.)
>
>(Note, BIND, in its default configuration, does both of these
>tasks...hence the common confusion.)
>
>
I'm familiar with the difference. I didn't comment because it was correct, but only 
in specific instances. Wouldn't apply to someone with pro but would (possibly?) with 
flash. Also, I didn't see anything relating to someone wanting to configure their 
gbflash as a maps type device; only use gnatbox to 'query' a maps type service. 
This indicates to me that the explanation wasn't relevant, since the external or 
internal dns aren't used - only the host enabled in the email proxy maps/rbl section. 
Thus whether it was recursive or authoritative it wouldn't be cached, since neither were 
consulted. See below for further info.
>
>> You've configured/enabled dnsbl for rbl.some.thing and 10.10.10.1 sends
>> you an email, email proxy sends a query to rbl.some.thing in this form
>> 1.10.10.10.rbl.some.thing and if that address gets a reply usually 127.0.0.2
>> or similar the email is blocked and logged.
>
>
>Mostly correct.   The SMTP proxy sends a request to the configured
>recursive nameservers for (using your example) 1.10.10.10.rbl.some.thing.
>
>A fairly simple explanation of how the name resolution process works can
>be found at:
>
>http://www.geocities.com/Heartland/4394/work/howdoes.html
>
>
>It would be a poor use of resources to have the SMTP proxy contain a full
>caching recursive resolver just to do RBL lookups....It makes much more
>sense to use the existing caches of your own (or your ISPs) recursive
>servers.
>
Nice explanation for dns. But, maps/rbl is a hack that happens to be based on 
dns; nothing more.

See the above, sounds like a difference between flash and pro. Don't have flash, 
but pro continues to check for 1.10.10.10.rbl.some.thing on rbl.some.thing every 
time 10.10.10.1 sends an email. If it were cached, then there would be no need 
to do a lookup each time. I imagine most use their ISP or upstream dns if provided, 
and they'd email wanting to know why someone keeps asking about 
1.10.10.10.rbl.some.thing on their dns servers, mine would if I used them. Failing that, 
my external dns would show logs of a failed lookup for 1.10.10.10.rbl.some.thing if it 
were queried.

Not to sound argumentative/snide, but I know that a 'full caching recursive resolver 
just to do RBL lookups' was not added to sendmail. Before it was added to M4 it took 
less than 10 lines of code.

>
>
>> The above example is compatible with both gnatbox and the built in
>> sendmail rbl features. There are other methods, fivetensg posts their
>> complete list which IIRC is compatible with current versions of bind.
>
>The example is a good one. It demonstrates how an RBL zone would be
>configured using BIND.  A few changes would need to be made to use this
>with BIND8 or BIND9, but anyone familiar with the differences between
>BIND4 and the newer versions shouldn't have any trouble.  If you wish to
>use this with a different authoritative nameserver the configuration would
>be different, but the BIND configuration files are fairly self
>explanatory.
>
Thanks. I made sure I mentioned that it was for Bind4, which we should all be using 
till 8/9 are rewritten from scratch. That's off-topic though, and a matter of opinion for 
those familiar with bind. :)

What different authoritative name server? It's running as is on one now, with no 
changes other than proper domains and full soa. 

My intent was not to inform how to set up gbflash to do dnsbl blacklists as that 
wouldn't be an optimal use of resources. It was partly a reply to a question on 
free services, DIY is about as free as one can get. Especially since 'most' free 
services become pay services once their user base is large enough. It was also 
supposed to be a simple explanation on how it worked since there seemed to 
be some confusion on that. 

Mail being blocked is a big deal, who's to say what should or should not be 
blocked other than the individual admin? Good example is when spamcop 
allowed comcast.net to be added to their database.

Excuse any errors due to changes since Gnatbox Pro v3.1.3s or differences 
between flash and pro. Don't let that stop any corrections though, since I'm 
always open to new thoughts.

>
>---
>David Raistrick
>       Systems Administrator - Global Technology Associates, Inc
> [EMAIL PROTECTED]
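
The lookup discussed in this thread (10.10.10.1 checked against rbl.some.thing as 1.10.10.10.rbl.some.thing, with a 127.0.0.2-style reply meaning "listed"), as an added example that is not part of either poster's message or of GNAT Box or sendmail code. It goes beyond the thread by also handling IPv6 (reversed nibbles) and by ignoring answers outside 127.0.0.0/8; the resolver is a stub over constructed zone data so it runs offline, and the function names are hypothetical.

```python
import ipaddress

LISTING_CODES = ipaddress.ip_network("127.0.0.0/8")  # DNSBL return-code range

def dnsbl_query_name(client_ip, zone):
    """Build the name that is looked up for client_ip in the DNSBL zone."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version == 4:
        labels = str(addr).split(".")                  # four octets
    else:
        labels = list(addr.exploded.replace(":", ""))  # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def listing_codes(client_ip, zone, resolve):
    """resolve(name) returns a list of A-record strings, [] for NXDOMAIN."""
    name = dnsbl_query_name(client_ip, zone)
    codes = []
    for answer in resolve(name):
        try:
            # Only 127.0.0.0/8 answers count as a listing. Anything else
            # (a wildcarded or parked zone, a hijacked resolver) is ignored
            # so it cannot cause mail to be blocked.
            if ipaddress.ip_address(answer) in LISTING_CODES:
                codes.append(answer)
        except ValueError:
            continue  # malformed answer, treat as no data
    return name, codes

# Constructed sample data standing in for the rbl.some.thing zone.
SAMPLE_ZONE = {
    "1.10.10.10.rbl.some.thing": ["127.0.0.2"],
    "9.113.0.203.rbl.some.thing": ["203.0.113.80"],  # not a listing code
}

def stub_resolve(name):
    """Offline stand-in for a real DNS A lookup (assumption of this example)."""
    return SAMPLE_ZONE.get(name, [])

def smtp_decision(client_ip, zone="rbl.some.thing", resolve=stub_resolve):
    """Return (action, queried name, codes) for a connecting client."""
    name, codes = listing_codes(client_ip, zone, resolve)
    return ("block" if codes else "accept", name, codes)

if __name__ == "__main__":
    for ip in ("10.10.10.1", "192.0.2.5", "203.0.113.9", "2001:db8::1"):
        print(ip, smtp_decision(ip))
```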
