TechTheft: Building a DNSBL
DNS Access
DNSBLs are easy to use from a query perspective. All you need is a script or piece of program code to look up the IP address of a hostname. So how do we provide this method of lookup? Obviously we could use a standard DNS server such as BIND, but this is not as good an idea as you might first think. Why not? Better DNS software is available: use MJT's rbldnsd or DJB's rbldns. Both of these are DNS nameservers optimised for the specific case of serving a DNSBL zone. rbldnsd has even been optimised to the point of providing efficient evidence links and diverse nameservers.

DNSBL zones are not much like other zones. They frequently have CIDR blocks in them, the same responses for many names, and other oddities which are not necessarily implemented efficiently in general-purpose nameserver software. Dedicated DNSBL software is more efficient, has simpler configuration (so it is harder to screw up, at least in the case of rbldnsd), and doesn't implement features that you would just have to turn off in BIND, such as recursive queries. rbldnsd is easy to set up, has a very simple zone file syntax with each IP listed alongside some evidence (easy to maintain with scripts), and doesn't play silly buggers.
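The following sketch is an added example, not code from the original page or from rbldnsd. It shows the lookup a client script performs and why one CIDR entry with evidence answers many names. The zone name, the entries, the `127.0.0.x` return values and the "most specific block wins" rule are assumptions made for the illustration.

```python
import ipaddress

ZONE = "dnsbl.example.org"  # hypothetical zone name (assumption)

# Constructed sample entries: (CIDR block, A record returned, evidence text).
ENTRIES = [
    ("192.0.2.0/24", "127.0.0.2", "Spam source range, see https://example.org/ev/1"),
    ("192.0.2.10/32", "127.0.0.3", "Open relay, see https://example.org/ev/2"),
]

def query_name(ip, zone=ZONE):
    """Build the name a client looks up: IPv4 octets reversed, zone appended."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def parse_query(qname, zone=ZONE):
    """Recover the queried address; None if outside the zone or malformed."""
    qname, suffix = qname.rstrip(".").lower(), "." + zone
    if not qname.endswith(suffix):
        return None
    labels = qname[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels)))
    except ValueError:
        return None

def answer(qname, entries=ENTRIES, zone=ZONE):
    """Return (A, TXT) for a listed address, or None (NXDOMAIN) if not listed."""
    addr = parse_query(qname, zone)
    if addr is None:
        return None
    best = None
    for cidr, a_value, evidence in entries:
        net = ipaddress.ip_network(cidr)
        # Assumption of this sketch: the most specific matching block wins.
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, a_value, evidence)
    return None if best is None else (best[1], best[2])

if __name__ == "__main__":
    for ip in ("192.0.2.99", "192.0.2.10", "203.0.113.5"):
        name = query_name(ip)
        print(name, "->", answer(name) or "NXDOMAIN (not listed)")
```

A single `/24` entry here stands in for 256 distinct query names that all receive the same answer, which is the zone shape the paragraph above says general-purpose nameservers handle inefficiently.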