DNSBL Howto

warmongr

MIS
Mar 17, 1999
214
US
I've searched hi and lo for a good primer on setting up a DNS Blacklist. I finally got one set up but I'm not sure it's right. I'd like to find a no-sh?t guide that allows me to use a URL list vice an IP listing.

Thanks if you can help. Have a good day if you can't.

N
 
Depends on what MTA you're using. sendmail is pretty easy to set up with URLs. EXIM is a little different, but still uses URLs.
 
Using postfix. I'm more concerned with setting up the DNS side of things than I am the mail server at this point. I created a zone file like:

; BIND db file for ad servers - point all addresses to localhost
;
;

$TTL 86400
@       IN      SOA     blacklist.x.x.x. root.x.x.x. (
                        2004061000 ;
                        28800 ; refresh 8 hours
                        7200 ; retry 2 hours
                        864000 ; expire 10 days
                        86400 ) ; min ttl 1 day
                NS      ns1.x.x.x.
                NS      ns2.x.x.x.

                A       127.0.0.1

*       IN      A       127.0.0.1

I then created an include file in my named.conf file with entries such as: (snippet)
zone "007arcadegames.com" {type master; file "master/internal/blockeddomain.hosts";};
zone "008i.com" {type master; file "master/internal/blockeddomain.hosts";};
zone "008k.com" {type master; file "master/internal/blockeddomain.hosts";};
zone "00hq.com" {type master; file "master/internal/blockeddomain.hosts";};

However, when I do an nslookup on, say, 008i.com I get

*** ns1.x.x.x can't find 008i.com: Non-existent host/domain

I was thinking I'd get back 127.0.0.1

Any advice? It seems as though the blockeddomain.hosts file is not pointing to the right location or root.

N

 
May I humbly offer spamhaus.org's documentation on 127.0.0.x as they use it..


I bring this up because you might be creating some current/future trouble by looking for results at 127.0.0.1 which is, of course, localhost. Perhaps the spamhaus ranges will guide some of your configuration?

D.E.R. Management - IT Project Management Consulting
 
I agree with thedaver - messing with the loopback address can cause weird results, especially with both BIND and an MTA. The spamhaus docs are a good recommendation.
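
Added example (not part of the thread and not any poster's code): a sketch of the single-zone layout that DNSBLs conventionally use, where every listed domain is a name under one list zone and answers with a 127.0.0.x code other than 127.0.0.1, rather than one BIND zone per blocked domain. The zone name `dnsbl.example.`, the name server `ns1.example.`, the serial and the choice of 127.0.0.2 as the "listed" code are assumptions; the sample domains are the ones from the named.conf snippet above.

```python
"""Render a domain-based DNSBL zone: one zone, one record set per listed domain."""
import ipaddress

LIST_ZONE = "dnsbl.example."   # assumed list zone name (hypothetical)
LISTED_CODE = "127.0.0.2"      # assumed "listed" answer; 127.0.0.1 is avoided

def query_name(item, zone=LIST_ZONE):
    """Name a client looks up: reversed octets for an IPv4, else the domain."""
    try:
        octets = str(ipaddress.IPv4Address(item)).split(".")
        label = ".".join(reversed(octets))
    except ipaddress.AddressValueError:
        label = item.lower().rstrip(".")
    return f"{label}.{zone}"

def clean(domains):
    """Normalise, de-duplicate and sort; reject entries unsafe in a zone file."""
    seen = set()
    for raw in domains:
        d = raw.strip().lower().rstrip(".")
        if not d or d.startswith("#"):
            continue  # skip blank lines and comments in the source list
        labels = d.split(".")
        if not all(p and all(c.isalnum() or c == "-" for c in p) for p in labels):
            raise ValueError(f"not a plain hostname: {raw!r}")
        seen.add(d)
    return sorted(seen)

def render_zone(domains, serial, ns="ns1.example.", zone=LIST_ZONE):
    """Return BIND zone text; owner names are relative to $ORIGIN."""
    lines = [
        f"$ORIGIN {zone}",
        "$TTL 86400",
        f"@ IN SOA {ns} hostmaster.{zone} ( {serial} 28800 7200 864000 86400 )",
        f"@ IN NS {ns}",
    ]
    for d in clean(domains):
        lines.append(f"{d} IN A {LISTED_CODE}")      # listed => 127.0.0.2
        lines.append(f'{d} IN TXT "listed: {d}"')    # human-readable reason
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    sample = ["008i.com", "008K.com", "00hq.com", "008i.com."]  # from the thread
    print(render_zone(sample, serial=2004061001))
    print(query_name("008i.com"), query_name("192.0.2.99"))
```

With this layout an unlisted domain returns NXDOMAIN under the list zone, and the real `008i.com` name is never overridden on the resolver.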
 