Requirements

  • djbdns, which provides the rbldns programm.
  • the system accounts Grbldns and Gdnslog.
  • ?secure service setup via runit. This is facilitated by djbdns itself.

Optional:

Delegation

White/Blacklist DNS services must be delegated subdomains. We use rbl.magma-soft.at for the MagmaSoft smtp blacklist. There is one server running an rbldns instance on a public IP. The zone data is managed from a central place.

&rbl.magma-soft.at:<IP>:rbldns.magma-soft.at

However, we shortcut resolution of the whitelist on the external dnscache:

echo <IP> > /etc/dnscachex/root/servers/rbl.magma-soft.at

Setup

sudo -i
rbldns-conf Grbldns Gdnslog /etc/rbldns <IP> rbl.magma-soft.at
cd /etc/rbldns
chgrp -R staff root
chmod -R g+w root
chmod g+sw root
tail -F log/main/current&
ln -s `pwd` /service

After verifying that the service started with a line like:

@400000005c2b7df728e15adc starting rbldns

the log viewer can be terminated.

Notes

  • Tests will only succeed with A and TXT queries on #.#.#.#.wl.magma-soft.at, where # is 0 - 255. Any other query will not be answered by rbldns.

  • The MagmaSoft rbl data files startes with the following two lines to comply with DNSxL

    :127.0.0.1:https://support.magma-soft.at/en/rbl?ip=$
    127.0.0.2