Install Rbldnsd

rbldnsd is a lightweight realtime dns-based banlist daemon. it's commonly used to block email spammers and irc spam bots.

installation

rbldnsd is in ports, so it's easiest to install the package from there

$ doas pkg_add rbldnsd

making a user

let's make a user for rbldnsd to run as and chroot into

$ doas useradd -m -d /home/rbl rbl

zonefiles

# su rbl
$ cd
$ mkdir zones
$ vi zones/naughty

rbldnsd zonefiles are a bit different from bind or nsd zonefiles; read the manpage or the website's shortened documentation for how they are written. below is a simple example.

# just a normal ip (answered with the default A value, 127.0.0.2)
37.15.183.105
# custom A response (:5 means 127.0.0.5)
41.60.76.102 :5
# make a TXT record
45.48.17.20 this sent naughty spam
# custom A response (127.0.0.7) and TXT record
45.83.40.14 :7: this is an infected host

rc.d service

/etc/rc.d/rbldnsd:

#!/bin/ksh

daemon="/usr/local/sbin/rbldnsd -ve -b 2602:fccf:1:1017::6 -u rbl:rbl -r /home/rbl -w zones dnsbl.example.org:ip4set:naughty"

. /etc/rc.d/rc.subr

pexp="rbldnsd .*"
rc_cmd $1

let's enable it to start on boot and start it now

$ doas rcctl enable rbldnsd
$ doas rcctl start rbldnsd

debugging

if it fails, run the command from the daemon= line as root and it should give you more verbose output. remember to run rcctl restart rbldnsd afterwards to make sure the rc.d file works too

delegate dns to it

note that you would also add an A record for ns1.dnsbl if you made rbldnsd listen on ipv4 too

ns1.dnsbl    3600  IN    AAAA    2602:fccf:1:1017::6
dnsbl        3600  IN    NS      ns1.dnsbl

test if it works

assuming you have 41.60.76.102 listed from the example zone above, reverse the octets and dig it!

dig 102.76.60.41.dnsbl.example.org A
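as an added example (not from the original page), here is a small POSIX sh/awk helper that reads an ip4set zone like the one above and prints, for each listed address, the reversed query name and the A record rbldnsd should answer with, so every listing can be checked with dig after a reload. the helper names, the sample zone and the 127.0.0.2 default A value are assumptions of this example.

```shell
#!/bin/sh
# Added helper (not part of the page): derive from an rbldnsd ip4set zone the
# DNSBL query names and the A answers rbldnsd will give, so each listing can
# be checked with dig after a reload.

# reverse the octets of an IPv4 address: 41.60.76.102 -> 102.76.60.41
reverse_ip() {
    printf '%s\n' "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 }'
}

# Read ip4set lines on stdin and print "<query name> <expected A>" per entry.
# Entry forms seen above:  ip | ip :N | ip text | ip :N: text | ip :a.b.c.d: text
# ":N" means 127.0.0.N; with no value rbldnsd answers 127.0.0.2 (assumed default).
zone_expectations() {
    awk -v suffix="$1" '
        /^[ \t]*#/ || NF == 0 { next }          # comments and blank lines
        {
            a = "127.0.0.2"
            if (substr($2, 1, 1) == ":") {
                split($2, f, ":")               # f[2] = value between the colons
                if (f[2] ~ /^[0-9]+$/) a = "127.0.0." f[2]
                else if (f[2] != "")   a = f[2]
            }
            split($1, o, ".")
            print o[4] "." o[3] "." o[2] "." o[1] "." suffix, a
        }'
}

# query one address against a DNSBL zone (needs dig and a reachable server)
dnsbl_lookup() {
    dig +short "$(reverse_ip "$1").$2" A
}

# constructed copy of the example zone from this page
sample_zone() {
    cat <<'EOF'
# just a normal ip
37.15.183.105
41.60.76.102 :5
45.48.17.20 this sent naughty spam
45.83.40.14 :7: this is an infected host
EOF
}

sample_zone | zone_expectations dnsbl.example.org
```

compare each printed A value with what dnsbl_lookup returns for the same address; an address that is not listed gets no answer at all.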

finding ips to list

scraping proxy lists

sometimes you can find websites listing proxy ips with google

using an api

websites like shodan let you search for ips meeting certain criteria like a certain port open with a socks proxy etc

portscanning

note that this is frowned upon by many hosting providers, so make sure you have permission, e.g. a Linode Researcher account, or else your host might ban you

this section is probably a bad idea

globbing in the rc file

since rbldnsd does not support globbing in its zonefile names, you can do the globbing in its rc file instead, so you do not have to edit it by hand every time you add more zones. note that each pattern has to match at least one file, otherwise the shell passes the literal pattern through and rbldnsd fails to open it.

#!/bin/ksh
# the globs are expanded here as root, before rbldnsd chroots, so change into
# the zone directory first; the names stay relative to "-w zones" in the chroot
cd /home/rbl/zones

# join each group of files into rbldnsd's comma-separated list. only spaces
# are replaced, so the trailing newline does not become a trailing comma
ipv4list=$(echo ipv4* | tr ' ' ',')
ipv6list=$(echo ipv6* | tr ' ' ',')
combinedlist=$(echo combined* | tr ' ' ',')

daemon="/usr/local/sbin/rbldnsd -ve -b 2602:fccf:1:1017::6 -u rbl:rbl -r /home/rbl -w zones dnsbl.example.org:ip4set:$ipv4list dnsbl.example.org:ip6trie:$ipv6list dnsbl.example.org:combined:$combinedlist"

. /etc/rc.d/rc.subr

pexp="rbldnsd .*"

rc_cmd $1