[SURBL-Discuss] Re: tips for SURBL on setting up reverse proxy NS's? (fwd)

[Justin Mason]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


forwarded from one DNSBLer...

> I'm running one of the proxies for openrbl.org.  It's dead easy to set
> this up -- a copy of Pound, a dedicated IP address, and 5 minutes to
> write a 20 line config file.  Pound helps "clean" the requests, and
> hides the real back-end server.
> 
> The portion of openrbl.org I proxy uses under 10kbps on average, with a
> spike every few days for up to a few hours when someone tries to smack
> it.  I run the IP through a 64kbps pipe with ipfw (gateway box runs
> FreeBSD) for extra warmfuzzies, and packet filter all but port-80 to the
> IP I've assigned.
> 
> > [...] fancy posting to discuss at lists.surbl.org with tips?
> 
> I'm at my quota for mailing lists -- if I subscribe to another, my nose
> will bleed.  Pound is dead easy.  I would venture to guess that someone
> who can't get it running probably shouldn't.
> 
> Pound is at http://www.apsis.ch/pound/, or in ports/www/pound if you're
> FreeBSDing it.



Another tip from the SBL folks:

> I'm not even sure where the root SBL zone server is.  All the public zone
> servers and AXFR feeds are seperate.  Query load is rather large, so
> sub-zones are being broken out to two levels, allowing for more
> nameservers to spread out the load.  (Admins are encouraged to use
> close-by servers when possible.)  Check "NS" records for
> "sbl.spamhaus.org".
> 
> Probably goes without saying, but selecting a zone name that can be "end
> of lifed" when needed should be considered.



Also, someone else mentioned that the top-level zone, "surbl.org" for
example, may become the target.  So that also needs 2ndaries.

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFAhBoMQTcbUG5Y7woRArYEAKDNaPrBvk8R9TgGbxVRrVZKNXftKQCgzd3U
zZlpJ3DwvnDV1aUlly2jspU=
=mVsZ
-----END PGP SIGNATURE-----