On Sat, 13 Feb 2016, Alex wrote:

> I've now got rbldnsd implemented. I've also known for a while it's
> faster/better than bind, but bind has always been in place.
>
> I have rbldnsd running on port 530, alongside bind on 53. How do I
> specify a urirhsbl in spamassassin to query the DNS server running on
> 530 instead of 53?

One way to do this is to set up a "forward only" zone in your bind config.

For example, assume you're authoritative for "example.com" and you've got
your rbldnsd set up to serve up your data as zone "mybl.example.com" and
it's bound to 192.168.124.23/530.

Then in your bind config file create a zone:

zone "mybl.example.com" {
        type forward;
        forward only;
        forwarders {
                192.168.124.23 port 530;
        };
};

Then when your clients (spamd or regular dns tools) query
"blah.com.mybl.example.com" it will hit your bind and then
get passed on to your rbldnsd for an answer.

If you want to hide that resource from the world put that zone
in a private 'view' in your bind. You could control access via an
ACL but by putting it inside a private view they'll never even see it
to try pounding on it.

To provide fault tolerance, you can set up rbldnsd's on multiple
machines and put multiple addresses in that 'forwarders' stanza.
You will need to put that zone definition in your primary bind and
each secondary.

--
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
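
The private view and the multi-forwarder setup described in the message above, written out as a named.conf fragment. This is an added example, not part of the original message; the ACL name, the view names, the client network and the second rbldnsd address (192.168.124.24) are assumptions made for illustration.

```conf
// Added example. All names and addresses except 192.168.124.23 port 530
// are constructed for illustration.

acl "mail-clients" {
        127.0.0.1;
        192.168.124.0/24;          // assumed network of the spamd hosts
};

// Only clients matching the ACL are placed in this view, so the
// blocklist zone does not exist at all for anyone else.
view "internal" {
        match-clients { "mail-clients"; };
        recursion yes;             // forwarding is only applied to recursive queries

        zone "mybl.example.com" {
                type forward;
                forward only;      // never fall back to normal resolution
                forwarders {
                        192.168.124.23 port 530;
                        192.168.124.24 port 530;   // assumed second rbldnsd host
                };
        };

        // Once views are used, every zone statement has to sit inside
        // a view; the server's existing zones go here as well.
};

// Everyone else lands here and never sees "mybl.example.com".
view "external" {
        match-clients { any; };
        recursion no;

        // Publicly served zones go here.
};
```

Views are matched in the order they appear, so the restricted view has to come before the catch-all one. Running `named-checkconf` on the file before reloading catches syntax errors and zones left outside a view.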
