Indeed, I just realized an embarrassing screw-up on my part.
There are two different programs with similar names and slightly different properties,including zone file differences:
rbldns
rbldnsd
We are using rbldnsd zone files. I need to update the web site to reflect this and post an announcement.
As am I.. I guess I didn't realize there was a rbldns either... In rbldnsd, you can wildcard domains...
From # man rbldnsd
dnset Set of (possible wildcarded) domain names with associated A and TXT values. Similar to ip4set, but instead of IP addresses, data consists of domain names (not in reverse form). One domain name per line, possible starting with wildcard (either with starâdot (*.) or just a dot). Entry starting with exclamation sign is exclusion. Default value for all subsequent lines may be specified by a line starting with a colon.
Wildcards are interpreted as follows:
example.com only example.com domain is listed, not subdomains thereof. Not a wildcard entry.
*.example.com all subdomains of example.com are listed, but not examâ ple.com itself.
.example.com all subdomains of example.com and example.com itself are listed. This is a shortcut: to list a domain name itself and all itâs subdomains, one may either specify two lines (example.com and *.example.com), or one line (.examâ ple.com).
Instead of listing FQDN's, why not just list the TLD with a dot in front... For example, list .mailnotice.biz instead of t.mailnotice.biz in case they change to some other letter in front of their TLD.
Dallas
On Friday, April 23, 2004, 6:06:47 PM, Dallas Engelken wrote:
dnset Set of (possible wildcarded) domain names with associated A and TXT values. Similar to ip4set, but instead of IP addresses, data consists of domain names (not in reverse form). One domain name per line, possible starting with wildcard (either with starâdot (*.) or just a dot). Entry starting with exclamation sign is exclusion. Default value for all subsequent lines may be specified by a line starting with a colon.
Wildcards are interpreted as follows:
example.com only example.com domain is listed, not subdomains thereof. Not a wildcard entry.
*.example.com all subdomains of example.com are listed, but not examâ ple.com itself.
.example.com all subdomains of example.com and example.com itself are listed. This is a shortcut: to list a domain name itself and all itâs subdomains, one may either specify two lines (example.com and *.example.com), or one line (.examâ ple.com).
Instead of listing FQDN's, why not just list the TLD with a dot in front... For example, list .mailnotice.biz instead of t.mailnotice.biz in case they change to some other letter in front of their TLD.
There was a thread discussing BIND's lack of caching of wildcards earlier:
http://lists.surbl.org/pipermail/discuss/2004-April/000178.html
Not sure if rbldnsd falls under the same category, but in either case we've taken a different approach to remove the subdomains/host names on both the data and client sides so that we're only comparing base domains between them. If mailnotice.biz is the base domain then that's all we look for in the SURBL and all we should be extracting from the message body URI.
In other words we're deliberately using base domains everywhere and not (wildcarded) subdomains.
Jeff C.
-
Dallas L. Engelken -
Jeff Chan