# Install Rbldnsd

rbldnsd is a lightweight realtime dns-based banlist daemon. it's commonly used to block email spammers and irc spam bots

## installation

rbldnsd is in ports, so it's easiest to install it from there

```
$ doas pkg_add rbldnsd
```

### making a user

let's make a user for rbldnsd to run as, with a home directory for it to chroot into

```
$ doas useradd -m -d /home/rbl rbl
```

### zonefiles

```
# su rbl
$ cd
$ mkdir zones
$ vi zones/naughty
```

rbldnsd zonefiles are a bit different than `bind` or `nsd` zonefiles, read the [manpage](https://rbldnsd.io/documentation/rbldnsd.8.html) or the [website's shortened documentation](https://rbldnsd.io/documentation/) for how they are written. below is a simple example.

```
# just a normal ip
37.15.183.105
# custom A response
41.60.76.102 :5
# make a TXT record
45.48.17.20 this sent naughty spam
# custom A response and TXT record
45.83.40.14 :7: this is an infected host
```

### rc.d service

/etc/rc.d/rbldnsd:

```
#!/bin/ksh

daemon="/usr/local/sbin/rbldnsd -ve -b 2602:fccf:1:1017::6 -u rbl:rbl -r /home/rbl -w zones dnsbl.example.org:ip4set:naughty"

. /etc/rc.d/rc.subr

pexp="rbldnsd .*"

rc_cmd $1
```

let's enable it to start on boot and turn it on

```
$ doas rcctl enable rbldnsd
$ doas rcctl start rbldnsd
```

### debugging

if it fails, you can run the command from the `daemon=` line as root and it should give you more verbose output. remember to `rcctl restart rbldnsd` afterwards to make sure the rc.d file works

### delegate dns to it

add these records to the parent zone (`example.org` here). note that you would also put an `A` record if you made rbldnsd listen on ipv4 too

```
ns1.dnsbl 3600 IN AAAA 2602:fccf:1:1017::6
dnsbl     3600 IN NS   ns1.dnsbl
```

## test if it works

assuming you have `41.60.76.102` listed from the above example zone, reverse the octets and dig it!
```
dig 102.76.60.41.dnsbl.example.org A
```

## finding ips to list

### scraping proxy lists

sometimes you can find websites listing proxy ips with [google](https://www.google.com/search?q=46.166.142.214+proxy)

### using an api

websites like [shodan](https://shodan.io) let you search for ips meeting certain criteria, like a certain port open with a socks proxy etc

### portscanning

note that this is frowned upon by many hosting providers, so make sure you have permission, eg a Linode Researcher account, or else your host might ban you

## this section is probably a bad idea

### globbing in the rc file

since rbldnsd does not support globbing its zonefile names, you can do it in its rc file, so you do not have to manually edit it every time you make more zones.

```
#!/bin/ksh

# build comma-separated file lists from the ipv4*, ipv6* and combined* files in zones/
cd /home/rbl/zones

daemon="/usr/local/sbin/rbldnsd -ve -b 2602:fccf:1:1017::6 -u rbl:rbl -r /home/rbl -w zones dnsbl.example.org:ip4set:$(echo ipv4* | tr '[:space:]' ,) dnsbl.example.org:ip6trie:$(echo ipv6* | tr '[:space:]' ,) dnsbl.example.org:combined:$(echo combined* | tr '[:space:]' ,)"

. /etc/rc.d/rc.subr

pexp="rbldnsd .*"

rc_cmd $1
```
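
## checking a whole zonefile

The "test if it works" step above checks one address by hand. The script below is an added example, not part of the original page or of rbldnsd: it does the octet reversal for every entry of an ip4set zonefile and prints the A answer each one should return. The function names `sample_zone`, `expected_answers` and `check_zone` are made up for this example, and it only handles plain single-IP entries like the ones in the example zone.

```shell
#!/bin/sh
# Added example: list the DNSBL query name and expected A answer for each
# plain-IPv4 entry of an rbldnsd ip4set zonefile.

# sample_zone: the example zonefile from this page.
sample_zone() {
    cat <<'EOF'
# just a normal ip
37.15.183.105
# custom A response
41.60.76.102 :5
# make a TXT record
45.48.17.20 this sent naughty spam
# custom A response and TXT record
45.83.40.14 :7: this is an infected host
EOF
}

# expected_answers ZONE < zonefile
# Prints "reversed-octets.ZONE expected-A" per entry. Lines that are not a
# single IPv4 address (CIDR, ranges, "!" exclusions, "$"/":" specials) are skipped.
expected_answers() {
    awk -v zone="$1" '
        /^[ \t]*#/ || NF == 0 { next }
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        {
            split($1, o, ".")
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next
            a = "127.0.0.2"                  # rbldnsd default A value
            if ($2 ~ /^:/) {                 # ":5", ":7:text" or ":127.0.0.9:text"
                v = $2; sub(/^:/, "", v); sub(/:.*/, "", v)
                if (v ~ /^[0-9]+$/) a = "127.0.0." v   # last-octet shorthand
                else if (v != "") a = v
            }
            print o[4] "." o[3] "." o[2] "." o[1] "." zone, a
        }'
}

# check_zone ZONE SERVER < zonefile: compare live answers (needs dig).
check_zone() {
    expected_answers "$1" | while read -r name want; do
        got=$(dig +short @"$2" "$name" A)
        if [ "$got" = "$want" ]; then echo "ok   $name $got"
        else echo "FAIL $name want=$want got=${got:-none}"; fi
    done
}

sample_zone | expected_answers dnsbl.example.org
```

once the daemon is running, `check_zone dnsbl.example.org 2602:fccf:1:1017::6 < /home/rbl/zones/naughty` compares every listed entry against the live answers.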