rbldnsd.io - A small and fast DNS daemon especially made to serve DNSBL zones

Usage

rbldnsd should be started as root user, in order to be able to bind to privileged port 53. After binding to the specified port and (optionally) changing its root to a specified directory, daemon will change its userid to specified value. Here is how rbldnsd can be used:


rbldnsd [options] zonename:type:fname,fname...

There is no config file, rbldnsd accepts all configuration in command line. The same zonename may be repeated, to form zone contents from several datasets; ditto for a dataset, one dataset may be used for several zones (data will be loaded only once). See manual page included in tarball for details.

Zone File Format

Input format is very simple and far more suitable for such a task compared to one of full-featured bind. Rbldnsd may take input format of DJB's rbldns (i.e. file understood by rbldns-data program) as is, but it isn't limited to this format. Some examples of input format understood by rbldnsd:



:127.0.0.2:Open relay, see https://relays.example.com/lookup?$
# The above is a default or implicit value which is used when no value given
# for an entry.  The '$' characters will be replaced by an IP address in
# question.

127.0.0.2
# The simplest case: single IP address, with default value.

10.8.60.0/24 :127.0.0.3:Address $ is from a private IP range
# Netblock - 256 IP addresses with their own A and TXT records

224/4        Reserved multicast address
# Another netblock, with default A and explicit TXT values.

192.168	 Dialup pool, see https://dialups.example.com/lookup?$ for explanations
# IP numbers may be abbreviated, the above is the same as 192.168.0.0/16

10.10    :5:This network blocked due to massive spam issues
# A value may be abbreviated as well - :5: is the same as :127.0.0.5:.

10.10.5-129	:5:Those hosts are nasty
# repeat last octet: 10.10.5.0..10.10.129.255 inclusive

!10.10.1.2
# exclusion entry

# The following examples are for name-based zones.

example.com   :2:This domain is considered malicious
# Entry for just the domain itself

*.example.com :2:All subdomains of example.com are considered malicious
# Wildcarded entry, will return 127.0.0.2 A record for all subdomains as well

# Some special features

$SOA 3000 ns1.example.com admin.example.com 0 600 300 86400 300
# Start of authority record (TTL 3000), with serial (0) computed as
# a timestamp of data file

$NS 3000 ns1.example.com ns2.example.com
# Two nameservers

There are other zone formats available, including generic simplified bind-style format.