rbldns — a RBL source content DNS server using the UDP protocol




rbldns is a content DNS server that speaks the DNS/UDP protocol. It accepts DNS queries from hosts around the Internet, and responds with locally configured information. The queries ask about various IP addresses, taking the form of a reverse lookup, and responses show whether the addresses are on an RBL blacklist or whitelist.

When it starts rbldns changes its root to the directory specified by the ROOT environment variable, and drops privileges to run as the user ID and group ID specified by the UID and GID environment variables. The latter can be set up with envuidgid(1).

Normally rbldns is run via a server program such as udp-socket-listen to listen for DNS/UDP queries from hosts around the Internet. It understands the LISTEN_PID and LISTEN_FDS environment variable convention for having an already-listening socket passed to it by such a program, and uses the last open file descriptor in the list that refers to a UDP/IPv4 socket. If no such open file descriptor is provided it falls back to opening its own UDP/IPv4 socket, bound to port 53 of the IP address given by the value of the IP environment variable. It does not handle DNS/TCP.

rbldns rejects zone-transfer requests, inverse queries, non-Internet-class queries, truncated packets, packets that contain anything other than a single query, query types other than A, TXT, or ANY, and queries for domain names not beneath the base domain name.

rbldns answers queries as specified by data.cdb, a binary file in its root directory created by rbldns-data(1). The reverse lookup domain names take the form d.c.b.a.base, where a.b.c.d is the IP address being looked up and base is a domain name apex given by the value of the BASE environment variable. A queries are answered with the IP address given in the file. TXT queries are answered with the message given in the file; replacing a final $ in the message, if one is present, with the IP address being asked about.


rbldns was originally part of Daniel J. Bernstein's djbdns toolset in 2000.


Original code and documentation by Daniel J. Bernstein. Documentation modernizations by Jonathan de Boyne Pollard.