Re: tips for SURBL on setting up reverse proxy NS's? (fwd)
jm at jmason.org
Mon Apr 19 12:27:24 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
forwarded from one DNSBLer...
> I'm running one of the proxies for openrbl.org. It's dead easy to set
> this up -- a copy of Pound, a dedicated IP address, and 5 minutes to
> write a 20 line config file. Pound helps "clean" the requests, and
> hides the real back-end server.
> The portion of openrbl.org I proxy uses under 10kbps on average, with a
> spike every few days for up to a few hours when someone tries to smack
> it. I run the IP through a 64kbps pipe with ipfw (gateway box runs
> FreeBSD) for extra warmfuzzies, and packet filter all but port-80 to the
> IP I've assigned.
> > [...] fancy posting to discuss at lists.surbl.org with tips?
> I'm at my quota for mailing lists -- if I subscribe to another, my nose
> will bleed. Pound is dead easy. I would venture to guess that someone
> who can't get it running probably shouldn't.
> Pound is at http://www.apsis.ch/pound/, or in ports/www/pound if you're
> FreeBSDing it.
Another tip from the SBL folks:
> I'm not even sure where the root SBL zone server is. All the public zone
> servers and AXFR feeds are seperate. Query load is rather large, so
> sub-zones are being broken out to two levels, allowing for more
> nameservers to spread out the load. (Admins are encouraged to use
> close-by servers when possible.) Check "NS" records for
> Probably goes without saying, but selecting a zone name that can be "end
> of lifed" when needed should be considered.
Also, someone else mentioned that the top-level zone, "surbl.org" for
example, may become the target. So that also needs 2ndaries.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS
-----END PGP SIGNATURE-----
More information about the Discuss