DNS blocklist in BIND?

Eivind Olsen eivind at aminor.no
Sat Nov 2 07:52:32 UTC 2002


--On 1. november 2002 01:51 -0800 "chot at home.se" <chot at home.se> wrote:
> Is it possible to create a dns blocklist (dnsbl)
> using BIND?
> Does anyone have information about guidelines or something
> like that, if it is possible?

Are you talking about a DNS-based blocklist to be used by, for example, 
mail servers, like ORDB (http://www.ordb.org)?

Yes, it can be done - why shouldn't it be possible? All you really need is 
to consider a few things:

1) How will updates to the list be made? Will it happen automatically? Then 
you'll have to write some framework outside of BIND that determines what 
should be blocked or not and then updates the blocklist-zone for BIND.
2) I think dynamic updates are the way to go when doing these updates as 
you won't have to reload the complete zone every time you do an update.
3) If the other nameservers for that zone can handle it, you should 
definitely look into using IXFR for zone transfers.

-- 
Eivind Olsen
eivind at aminor.no
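
A sketch of the "framework outside of BIND" from points 1 and 2, as an added example that is not part of the original post: it diffs the currently listed addresses against the desired list and emits an nsupdate batch, so only changed records are touched. The zone name `dnsbl.example`, the server address, the TTL and the common DNSBL convention of reversed-octet owner names answering `127.0.0.2` are assumptions, not details from the thread.

```python
import ipaddress

LISTED_A = "127.0.0.2"  # conventional "listed" answer; an assumption, not from the post

def dnsbl_name(ip, zone):
    """Owner name for an IP in a DNSBL zone: reversed octets (nibbles for IPv6)."""
    rev = ipaddress.ip_address(ip).reverse_pointer  # e.g. 1.2.0.192.in-addr.arpa
    return f"{rev.rsplit('.', 2)[0]}.{zone.rstrip('.')}."

def txt_rdata(reason):
    """Quote a TXT string; refuse control chars so a reason cannot add commands."""
    if any(ord(c) < 32 or ord(c) == 127 for c in reason):
        raise ValueError("control character in TXT reason")
    return '"' + reason.replace("\\", "\\\\").replace('"', '\\"') + '"'

def nsupdate_batch(listed, desired, zone, server="127.0.0.1", ttl=300):
    """Diff the currently listed IPs against the desired {ip: reason} map."""
    norm = lambda ip: str(ipaddress.ip_address(ip))
    have = {norm(ip) for ip in listed}
    want = {norm(ip): why for ip, why in desired.items()}
    lines = []
    for ip in sorted(have - set(want)):      # no longer wanted: drop all records
        lines.append(f"update delete {dnsbl_name(ip, zone)}")
    for ip in sorted(set(want) - have):      # newly listed: A answer plus TXT reason
        name = dnsbl_name(ip, zone)
        lines.append(f"update add {name} {ttl} A {LISTED_A}")
        lines.append(f"update add {name} {ttl} TXT {txt_rdata(want[ip])}")
    if not lines:
        return ""  # nothing changed, so send no update at all
    head = [f"server {server}", f"zone {zone.rstrip('.')}."]
    return "\n".join(head + lines + ["send"]) + "\n"

if __name__ == "__main__":
    # Constructed sample data (documentation address ranges).
    listed = {"192.0.2.1", "198.51.100.7"}
    desired = {"198.51.100.7": "open relay", "203.0.113.25": 'relay test "failed"'}
    print(nsupdate_batch(listed, desired, "dnsbl.example"), end="")
```

The output is meant to be fed to `nsupdate` (with a TSIG key via `-k`), against a zone whose configuration permits dynamic updates from that key only.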



More information about the bind-users mailing list