Date:      Tue, 04 Mar 2008 14:53:21 +1100
From:      Mark Andrews <Mark_Andrews@isc.org>
To:        "Chris H." <chris#@1command.com>
Cc:        Jeremy Chadwick <koitsu@freebsd.org>, freebsd-stable@freebsd.org, Royce Williams <royce@alaska.net>
Subject:   Re: What's new on the 127.0.0/24 block in 7? 
Message-ID:  <200803040353.m243rLR8079759@drugs.dv.isc.org>
In-Reply-To: Your message of "Mon, 03 Mar 2008 19:36:04 -0800." <20080303193604.s40hzd0dw8o8gckw@webmail.1command.com> 


> Quoting Royce Williams <royce@alaska.net>:
> 
> > Jeremy Chadwick wrote, on 3/3/2008 5:21 PM:
> >> On Mon, Mar 03, 2008 at 05:43:35PM -0800, Chris H. wrote:
> >> I've looked at this software: http://www.corpit.ru/mjt/rbldnsd.html
> >>
> >> Why exactly do you need this software to bind to 127.0.0.2 or 127.0.0.3?
> >> I don't see any indication of it needing that.  DNS-based RBLs don't
> >> work like that, so I'm confused by this request.
> 
> Indeed. You are /quite/ correct. I /do/ in fact run BIND on the same
> servers, and /do/ forward requests to the same server's primary address
> (IP). But on a different port, e.g.:
> 
> blackvoid.mydomain.COM {
>     type forward;
>     forward only;
>     forwarders { <servers primary IP> port 530; };
> };
> 
> Hell, this is right out of the BIND FAQ that comes with the FreeBSD
> BIND port.
> 
> /However/, rbldnsd needs to /answer/ when it finds a match, and answers:
> IN A 127.0.0.2 REJECTED! evil spammer...

	What do the addresses returned by a DNS lookup have to
	do with what addresses are configured on lo0?

	The answer is NOTHING.
 
> So. This is what I mean by needing 127.0.0.? other than 127.0.0.1.
> 
> Which brings me 'round to my original question:
> What has changed in 7 regarding 127.0.0/24 (lo0 || loopback)?
> 
> I have identical server setups/configs on 2 servers. The recent RELENG_6
> server creates/provides 127.0.0/24 without question. While 7-RC3 only
> provides 127.0.0.1.
> 
> Thanks for taking the time to respond.
> 
> --Chris H
> 
> >
> > It's not uncommon to configure BIND to forward requests for a DNSBL
> > zone to another local listener, so that one can take advantage of both
> > BIND local zones and rbldnsd local zones.
> >
> > See http://www.njabl.org/rsync.html for an example -- the BIND config
> > of which looks like:
> >
> > zone "dnsbl.njabl.org" IN {
> >        type forward;
> >        forward first;
> >        forwarders {
> >                127.0.0.1 port 530;
> >        };
> > };
> >
> > Royce
> >
> > --
> > Royce D. Williams                                - IP Engineering, ACS
> > http://www.tycho.org/royce/                   - PGP: 3FC087DB/1776A531
> >      Amid a multitude of projects, no plan is devised.  - Syrus
> >
> 
> 
> 
> -- 
> panic: kernel trap (ignored)
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@isc.org
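
The point made in this reply, as an added example that is not part of the original message or of rbldnsd: a DNSBL client builds a query name from the reversed client IP and reads the returned 127.0.0.x address purely as a verdict code. The zone name `dnsbl.example`, the sample record and the choice to ignore answers outside 127.0.0.0/8 are assumptions made for illustration.

```python
import ipaddress
import socket

DNSBL_CODES = ipaddress.ip_network("127.0.0.0/8")  # range DNSBLs answer from

def dnsbl_qname(client_ip, zone):
    """Reversed IPv4 octets prepended to the DNSBL zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".")

def system_resolve(qname):
    """Live A lookup via the system resolver; [] when the name does not exist."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except socket.gaierror:
        return []

def check(client_ip, zone, resolve=system_resolve):
    """Return (listed, codes). Each code is the last octet of a 127/8 answer."""
    codes = []
    for answer in resolve(dnsbl_qname(client_ip, zone)):
        addr = ipaddress.IPv4Address(answer)
        # The address is a verdict carried as A-record data. It is compared,
        # never connected to, so it does not have to exist on lo0.
        if addr in DNSBL_CODES:          # assumption: ignore any other answer
            codes.append(int(addr) & 0xFF)
    return bool(codes), codes

# Constructed zone data standing in for what rbldnsd would serve.
SAMPLE_ZONE = {"99.2.0.192.dnsbl.example": ["127.0.0.2"]}

def sample_resolve(qname):
    """Offline stand-in for a resolver, backed by SAMPLE_ZONE."""
    return SAMPLE_ZONE.get(qname, [])

if __name__ == "__main__":
    for ip in ("192.0.2.99", "192.0.2.10"):
        print(ip, check(ip, "dnsbl.example", sample_resolve))
```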


