Initial BIND 9.9.2 RPZ xfr (spamhaus) failing with "failed to connect: timed out" ?
babu dheen
babudheen at yahoo.co.in
Mon Dec 23 13:10:51 UTC 2013
Dear All,
My BIND DNS server is authorized to use the Spamhaus RPZ service, and the Spamhaus team asked me to paste the configuration below into /etc/named.conf. Since I am new to RPZ and BIND, kindly help me enable this feature.
zone "rpz.spamhaus.org" {
type slave;
file "dbx.rpz.spamhaus.org";
masters { 199.168.90.51; 199.168.90.52; 199.168.90.53; };
allow-transfer { none; };
allow-query { none; };
};
My question is:
1. If I paste the above lines alone into /etc/named.conf, will it work?
2. What will be the content of the dbx.rpz.spamhaus.org file?
3. How to maintain the local whitelist policy?
Regards
Babudheen
On Friday, 8 March 2013 3:03 AM, "pgbind9 at ml1.net" <pgbind9 at ml1.net> wrote:
hi,
I've installed
named -v
BIND 9.9.2-rpz+rl.028.23-P1
I've registered my nameserver IP with Spamhaus for use of its RPZ list;
I've been approved for access.
I've set up my bind9 conf for slave access to a Spamhaus RPZ
...
acl rpz4_spamhaus { 199.168.90.51; 199.168.90.52;
199.168.90.53; };
masters rpz4_spamhaus { 199.168.90.51; 199.168.90.52;
199.168.90.53; };
...
channel bind_rpzlog {
file "/var/log/bind-rpz.log" versions 10 size 5m;
print-time yes;
print-category yes;
print-severity yes;
severity debug;
};
...
category rpz { bind_rpzlog; };
...
view "internal" {
...
response-policy {
zone "drop.rpz.spamhaus.org";
};
...
zone "drop.rpz.spamhaus.org" IN {
type slave;
file "/namedb/slave/drop.rpz.spamhaus.org.zone";
masters { rpz4_spamhaus; };
allow-query { localhost; };
allow-transfer { rpz4_spamhaus; };
request-ixfr yes;
notify no;
};
...
Bind launches initially with no errors, but xfer log eventually reports:
...
07-Mar-2013 13:26:25.657 xfer-in: error: transfer of
'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.51#53:
failed to connect: timed out
07-Mar-2013 13:26:25.657 xfer-in: info: transfer of
'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.51#53:
Transfer completed: 0 messages, 0 records, 0 bytes, 7.010 secs
(0 bytes/sec)
07-Mar-2013 13:27:17.673 xfer-in: error: transfer of
'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.52#53:
failed to connect: timed out
07-Mar-2013 13:27:17.673 xfer-in: info: transfer of
'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.52#53:
Transfer completed: 0 messages, 0 records, 0 bytes, 7.014 secs
(0 bytes/sec)
07-Mar-2013 13:28:09.689 xfer-in: error: transfer of
'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.53#53:
failed to connect: timed out
07-Mar-2013 13:28:09.689 xfer-in: info: transfer of
'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.53#53:
Transfer completed: 0 messages, 0 records, 0 bytes, 7.014 secs
(0 bytes/sec)
...
the RPZ log @ /var/log/bind-rpz.log is created on bind start, but is
completely empty.
If I run
rndc -k /usr/local/etc/named/keys/rndc-key retransfer drop.rpz.spamhaus.org
logs show only
==> /var/log/bind-main.log <==
07-Mar-2013 13:58:43.576 general: info: received control channel
command 'retransfer drop.rpz.spamhaus.org'
but nothing improves/changes.
I've no idea why I get the 'failed to connect' message. As an obvious
result, no local zone file is created/written.
Where should I start looking/debugging for the cause of this failed
transfer? Any other hints?
Thanks!
-pg
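The xfer-in lines quoted above are the whole story of this failure: "failed to connect: timed out" means named could not open a TCP connection to port 53 on any of the three masters, and the "Transfer completed: 0 messages, 0 records" line that follows each one is just BIND closing out the empty attempt, not a success. A practitioner reading a larger log wants that distinction made mechanically. The script below is an added example (not code from the thread or from ISC); it parses xfer-in events, separates connect failures from real completions, and lists the masters whose TCP/53 path from the slave should be checked first (egress firewall, NAT, or a source address other than the one registered with Spamhaus). The sample log is the thread's own output with the e-mail line wrapping undone.

```python
import re
from collections import defaultdict

# Constructed sample: the xfer-in lines quoted in the thread, one event per line.
SAMPLE_LOG = """\
07-Mar-2013 13:26:25.657 xfer-in: error: transfer of 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.51#53: failed to connect: timed out
07-Mar-2013 13:26:25.657 xfer-in: info: transfer of 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.51#53: Transfer completed: 0 messages, 0 records, 0 bytes, 7.010 secs (0 bytes/sec)
07-Mar-2013 13:27:17.673 xfer-in: error: transfer of 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.52#53: failed to connect: timed out
07-Mar-2013 13:27:17.673 xfer-in: info: transfer of 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.52#53: Transfer completed: 0 messages, 0 records, 0 bytes, 7.014 secs (0 bytes/sec)
07-Mar-2013 13:28:09.689 xfer-in: error: transfer of 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.53#53: failed to connect: timed out
07-Mar-2013 13:28:09.689 xfer-in: info: transfer of 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.53#53: Transfer completed: 0 messages, 0 records, 0 bytes, 7.014 secs (0 bytes/sec)
"""

# Matches the fixed layout of BIND's xfer-in category messages:
# "<date> <time> xfer-in: <level>: transfer of '<zone/class/view>' from <ip>#<port>: <message>"
XFER_RE = re.compile(
    r"^(?P<ts>\S+ \S+) xfer-in: (?P<level>\w+): transfer of "
    r"'(?P<zone>[^']+)' from (?P<master>[^#]+)#(?P<port>\d+): (?P<msg>.*)$"
)


def parse_xfer_events(text):
    """Return one dict per xfer-in line; unrelated log lines are skipped."""
    events = []
    for line in text.splitlines():
        m = XFER_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["port"] = int(d["port"])
            events.append(d)
    return events


def classify(msg):
    """Map the trailing message to an outcome class."""
    if msg.startswith("failed to connect"):
        return "no_tcp_connect"
    if "Transfer completed" in msg:
        m = re.search(r"(\d+) records", msg)
        # A completion that moved zero records is the tail of a failed attempt.
        return "completed_empty" if m and int(m.group(1)) == 0 else "completed"
    return "other"


def triage(text):
    """Per (zone, master): how many connects timed out and whether any
    non-empty transfer ever succeeded."""
    summary = defaultdict(lambda: {"port": None, "connect_failures": 0, "completed": False})
    for ev in parse_xfer_events(text):
        entry = summary[(ev["zone"], ev["master"])]
        entry["port"] = ev["port"]
        kind = classify(ev["msg"])
        if kind == "no_tcp_connect":
            entry["connect_failures"] += 1
        elif kind == "completed":
            entry["completed"] = True
    return dict(summary)


def unreachable_masters(text):
    """Masters with at least one connect timeout and no successful transfer:
    the hosts whose TCP/53 reachability from this slave to verify first."""
    return sorted(
        master for (_zone, master), e in triage(text).items()
        if e["connect_failures"] and not e["completed"]
    )


if __name__ == "__main__":
    for (zone, master), e in triage(SAMPLE_LOG).items():
        print(f"{zone} <- {master}:{e['port']}: "
              f"{e['connect_failures']} connect failure(s), completed={e['completed']}")
    print("verify TCP/53 reachability to:", ", ".join(unreachable_masters(SAMPLE_LOG)))
```

Because zone transfers always run over TCP, a UDP query that reaches the master proves nothing here; the check to make from the slave is a TCP query to each listed master (for example `dig +tcp @199.168.90.51 drop.rpz.spamhaus.org SOA`), sent from the same source address that was registered with Spamhaus.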
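Question 3 in the reply, how to keep a local whitelist alongside the Spamhaus feed, is answered by a second RPZ zone that the server masters itself. BIND evaluates the zones in a response-policy block in the order they are listed and the first zone with a matching record wins, so a local zone listed before the feed can exempt names with the standard `rpz-passthru.` CNAME action (a wildcard owner exempts subdomains as well). The generator below is an added example, not the thread's or ISC's code; the zone name whitelist.rpz.local, the domains, and the serial are assumed placeholders.

```python
import re

# Assumed local zone name (not from the thread); substitute your own.
LOCAL_ZONE = "whitelist.rpz.local"

# Hostname label rules: 1-63 chars of [a-z0-9-], not starting or ending with '-'.
HOSTNAME_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))*$")


def valid_name(name):
    """Reject anything that is not a syntactically valid domain name, so a
    typo in the whitelist cannot produce a malformed zone that fails to load."""
    name = name.lower().rstrip(".")
    return bool(name) and len(name) <= 253 and HOSTNAME_RE.match(name) is not None


def passthru_records(domains, include_subdomains=True):
    """RPZ QNAME-trigger records that exempt each domain (and, optionally, all
    of its subdomains). Owner names are relative to the zone apex, so they
    carry no trailing dot; the CNAME target rpz-passthru. is the RPZ action."""
    rrs = []
    for d in domains:
        if not valid_name(d):
            raise ValueError(f"not a valid domain name: {d!r}")
        d = d.lower().rstrip(".")
        rrs.append(f"{d}\tCNAME\trpz-passthru.")
        if include_subdomains:
            rrs.append(f"*.{d}\tCNAME\trpz-passthru.")
    return rrs


def build_zone(domains, serial, zone=LOCAL_ZONE, ns="localhost."):
    """Complete zone file text: SOA and NS (required for any zone to load),
    followed by the passthru records. Bump the serial on every change."""
    header = "\n".join([
        "$TTL 300",
        f"@\tSOA\t{ns} hostmaster.{zone}. {serial} 3600 900 604800 300",
        f"@\tNS\t{ns}",
    ]) + "\n"
    return header + "\n".join(passthru_records(domains)) + "\n"


def response_policy(local_zone, feed_zones):
    """named.conf response-policy block with the local zone first, so a
    passthru here takes precedence over a match in the feed zones."""
    lines = ["response-policy {", f'    zone "{local_zone}";']
    lines += [f'    zone "{z}";' for z in feed_zones]
    lines.append("};")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed example input.
    allow = ["example.com", "mail.example.net"]
    print(build_zone(allow, serial=2013122301))
    print(response_policy(LOCAL_ZONE, ["rpz.spamhaus.org"]))
```

The generated file is loaded with a normal `type master` zone statement for whitelist.rpz.local (with `allow-query { localhost; };`, like the feed zone), and the response-policy block replaces the one that lists only the Spamhaus zone. Run `named-checkzone whitelist.rpz.local <file>` after regenerating and reload; because the whitelist is evaluated before the feed, every name added to it is a deliberate hole in the block list and should be reviewed like any other allow rule.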
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users