<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div><span>Dear All,</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span> My BIND DNS server is authorized to use the Spamhaus RPZ service, and the official Spamhaus team asked me to paste the configuration lines below into the /etc/named.conf file. Since I am new to RPZ and BIND, kindly help me to enable this feature.<br></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size:
16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span>zone "rpz.spamhaus.org" {<br> type slave;<br> file "dbx.rpz.spamhaus.org";<br> masters { 199.168.90.51; 199.168.90.52; 199.168.90.53; };<br> allow-transfer { none; };<br> allow-query { none; };<br>};<br></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span>My question is:</span></div><div style="color: rgb(0, 0, 0); font-size: 16px;
font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span>1. If I paste the above lines alone in the /etc/named.conf file, will it work?</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span>2. What will be the content of the dbx.rpz.spamhaus.org file?</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color:
rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span>3. How to maintain the local whitelist policy?</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span>Regards</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span>Babudheen</span></div><div style="display: block;" class="yahoo_quoted"> <br>
<br> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div dir="ltr"> <font face="Arial" size="2"> On Friday, 8 March 2013 3:03 AM, "pgbind9@ml1.net" &lt;pgbind9@ml1.net&gt; wrote:<br> </font> </div> <div class="y_msg_container">hi,<br><br>i've installed<br><br> named -v<br> BIND 9.9.2-rpz+rl.028.23-P1<br><br>i've registered my nameserver IP with spamhaus for use of its RPZ list;<br>i've been approved for access.<br><br>i've set up my bind9 conf for slave access to a spamhaus RPZ<br><br> ...<br> acl rpz4_spamhaus { 199.168.90.51; 199.168.90.52;<br> 199.168.90.53; };<br> masters rpz4_spamhaus { 199.168.90.51; 199.168.90.52;<br> 199.168.90.53; };<br> ...<br> channel bind_rpzlog
{<br> file "/var/log/bind-rpz.log" versions 10 size 5m;<br> print-time yes;<br> print-category yes;<br> print-severity yes;<br> severity debug;<br> };<br> ...<br> category rpz { bind_rpzlog; };<br> ...<br> view "internal" {<br> ...<br> response-policy {<br> zone "drop.rpz.spamhaus.org";<br> };<br> ...<br> zone "drop.rpz.spamhaus.org" IN {<br> type slave;<br> file "/namedb/slave/drop.rpz.spamhaus.org.zone";<br> masters {
rpz4_spamhaus; };<br> allow-query { localhost; };<br> allow-transfer { rpz4_spamhaus; };<br> request-ixfr yes;<br> notify no;<br> };<br> ...<br><br>Bind launches initially with no errors, but xfer log eventually reports:<br><br> ...<br> 07-Mar-2013 13:26:25.657 xfer-in: error: transfer of<br> 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.51#53:<br> failed to connect: timed out<br> 07-Mar-2013 13:26:25.657 xfer-in: info: transfer of<br> 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.51#53:<br> Transfer completed: 0 messages, 0 records, 0 bytes, 7.010 secs<br> (0 bytes/sec)<br> 07-Mar-2013 13:27:17.673 xfer-in: error:
transfer of<br> 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.52#53:<br> failed to connect: timed out<br> 07-Mar-2013 13:27:17.673 xfer-in: info: transfer of<br> 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.52#53:<br> Transfer completed: 0 messages, 0 records, 0 bytes, 7.014 secs<br> (0 bytes/sec)<br> 07-Mar-2013 13:28:09.689 xfer-in: error: transfer of<br> 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.53#53:<br> failed to connect: timed out<br> 07-Mar-2013 13:28:09.689 xfer-in: info: transfer of<br> 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.53#53:<br> Transfer completed: 0 messages, 0 records, 0 bytes, 7.014 secs<br> (0 bytes/sec)<br> ...<br><br>the RPZ log @
/var/log/bind-rpz.log is created on bind start, but is<br>completely empty.<br><br>if i<br><br> rndc -k /usr/local/etc/named/keys/rndc-key retransfer<br> drop.rpz.spamhaus.org<br><br>logs show only<br><br> ==> /var/log/bind-main.log <==<br> 07-Mar-2013 13:58:43.576 general: info: received control channel<br> command 'retransfer drop.rpz.spamhaus.org'<br><br>but nothing improves/changes.<br> <br>I've no idea as to why the 'failed to connect' message. As an obvious<br>result, no local zone file is created/written.<br><br>Where should I start looking/debugging for the cause of this failed<br>transfer? Any other hints?<br><br>Thanks!<br><br>-pg<br>_______________________________________________<br>bind-users mailing list<br><a
ymailto="mailto:bind-users@lists.isc.org" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br><a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br><br><br></div> </div> </div> </div> </div></body></html>