Difference between revisions of "Atomicrbl"
(Created page with "= Introduction = The Atomicorp RBLs are part of the Atomicorp Threat Intelligence system. = Local DNS mirror = == Requesting Access == Access to the zones, for local DNS m...") |
(→Remote Resolver) |
||
Line 91: | Line 91: | ||
== Remote Resolver == | == Remote Resolver == | ||
+ | |||
+ | These instructions are for organizations that want to provide a copy of the zones to their local systems, without installing local copies on those systems. | ||
+ | |||
+ | Note: Do not run a public remote resolver. If you would like to run a public resolver, please let us know, theres some additional software you will need. | ||
+ | |||
+ | === Software Installation === | ||
+ | |||
+ | Note: These instructions are for Redhat and Centos based systems, please other operating systems contact your OS vendor for instructions for installing rbldnsd on your system, or if you need assistance from us please let us know and we'll put a quote together for your system. | ||
+ | |||
+ | Step 1) | ||
+ | |||
+ | ''yum -y install rbldnsd'' | ||
+ | |||
+ | Note: rbldnsd is not provided by Atomicorp. | ||
+ | |||
+ | Step 2) Configure rbldnsd | ||
+ | |||
+ | For a local resolver, all you need to do is add this single line to your ''/etc/sysconfig/rbldnsd'' file, and you must change the IP address 1.2.3.4 to your servers IP address: | ||
+ | |||
+ | RBLDNSD="dsbl -u rbldnsd -b1.2.3.4 -a -v -f -c60 -r/home/rbldnsd/chroot -w zones threat1.atomicrbl.com:ip4set:threat1.rbl atomicrbl.com:generic:atomicrbl.com threat2.atomicrbl.com:ip4set:threat2.rbl threat3.atomicrbl.com:ip4set:threat3.rbl threat4.atomicrbl.com:ip4set:threat4.rbl threat5.atomicrbl.com:ip4set:threat5.rbl test.atomicrbl.com:ip4set:test.atomicrbl.com threat6.atomicrbl.com:ip4set:threat6.rbl threat7.atomicrbl.com:ip4set:threat7.rbl alert6.atomicrbl.com:ip4set:alert6.rbl -l +/logs/rbldnsd.log -s /logs/rbldnsd_stats" | ||
+ | |||
+ | By default, in Redhat and Centos, everything else should be commented out in this configuration file. If its not, comment it out, you will only need this line in that file. | ||
+ | |||
+ | Step 3) create the rbldnsd user | ||
+ | |||
+ | ''useradd rbldnsd'' | ||
+ | |||
+ | Step 4) create the rbldnsd directories | ||
+ | |||
+ | ''mkdir /home/rbldnsd/chroot'' | ||
+ | |||
+ | ''mkdir /home/rbldnsd/chroot/logs'' | ||
+ | |||
+ | ''mkdir /home/rbldnsd/chroot/zones'' | ||
+ | |||
+ | === Download the zones === | ||
+ | |||
+ | Step 1) Request access | ||
+ | |||
+ | See the top of this document for access. Access to the zones, for local DNS mirroring, is restricted and is restricted to existing customers only. | ||
+ | |||
+ | Step 2) Use rsync to download the zones | ||
+ | |||
+ | Note: Do not run this more often than hourly at this time. | ||
+ | |||
+ | ''rsync -azv rsync.atomicrbl.com::atomicrbl/* /home/rbldnsd/chroot/zones'' | ||
+ | |||
+ | Note: Our zones are formated for rbldnsd, an fast and low memory footprint DNS server designed for RBLs. | ||
+ | |||
+ | Step 3) Start rbldnsd | ||
+ | |||
+ | ''/etc/init.d/rbldnsd start'' | ||
+ | |||
+ | Step 4) Test resolution | ||
+ | |||
+ | ''nslookup 2.0.0.127.test.atomicrbl.com'' | ||
+ | |||
+ | If you have things setup correctly to use a [[local resolver]] on your system, you should see this: | ||
+ | |||
+ | <pre> | ||
+ | Server: 127.0.0.1 | ||
+ | Address: 127.0.0.1#53 | ||
+ | |||
+ | Non-authoritative answer: | ||
+ | Name: 2.0.0.127.test.atomicrbl.com | ||
+ | Address: 127.0.0.1 | ||
+ | </pre> | ||
+ | |||
+ | Step 5) Setup logrotation for the resolution logs | ||
+ | |||
+ | |||
+ | Add this file: | ||
+ | |||
+ | <pre> | ||
+ | /home/rbldnsd/chroot/logs/*.log { | ||
+ | rotate 30 | ||
+ | daily | ||
+ | compress | ||
+ | missingok | ||
+ | notifempty | ||
+ | create 0644 rbldnsd rbldnsd | ||
+ | sharedscripts | ||
+ | prerotate | ||
+ | /sbin/service rbldnsd stop | ||
+ | endscript | ||
+ | postrotate | ||
+ | /sbin/service rbldnsd start | ||
+ | endscript | ||
+ | } | ||
+ | </pre> | ||
+ | |||
+ | To this directory: | ||
+ | |||
+ | /etc/logrotate.d |
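Review bot: Step 2 binds rbldnsd to the server's own address (`-b1.2.3.4`) right after the note "Do not run a public remote resolver", but no step restricts who may query it; add a step that limits DNS access on that address to your own networks (host firewall or network ACL). The Step 2 sentence still opens with "For a local resolver", carried over from the local-only section, and should say remote resolver. Step 4's expected output shows `Server: 127.0.0.1`, which only holds once a client's resolver forwards atomicrbl.com to the new server; unlike the Local Only Resolver section there is no forwarding step here, so add one or document testing against the server directly. In the logrotate stanza, the prerotate stop and postrotate start take the resolver down around every daily rotation, and `create 0644 rbldnsd rbldnsd` leaves the query log world-readable; 0640 would be tighter.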
Revision as of 16:34, 26 November 2014
Introduction
The Atomicorp RBLs are part of the Atomicorp Threat Intelligence system.
Local DNS mirror
Requesting Access
Access to the zones, for local DNS mirroring, is restricted. To request access, please send an email to support. We will need to know the IP address(es) of the systems that will be requesting access, and will ask you to sign a confidentiality agreement to access the zones.
Access is restricted to existing customers only.
Local Only Resolver
Software Installation
Note: These instructions are for Red Hat and CentOS based systems. For other operating systems, please contact your OS vendor for instructions on installing rbldnsd, or if you need assistance from us, please let us know and we'll put a quote together for your system.
Step 1)
yum -y install rbldnsd
Note: rbldnsd is not provided by Atomicorp.
Step 2) Configure rbldnsd
For a local resolver, all you need to do is add this single line to your /etc/sysconfig/rbldnsd file:
RBLDNSD="dsbl -u rbldnsd -b127.0.0.1/750 -a -v -f -c60 -r/home/rbldnsd/zones threat1.atomicrbl.com:ip4set:threat1.rbl atomicrbl.com:generic:atomicrbl.com threat2.atomicrbl.com:ip4set:threat2.rbl threat3.atomicrbl.com:ip4set:threat3.rbl threat4.atomicrbl.com:ip4set:threat4.rbl threat5.atomicrbl.com:ip4set:threat5.rbl test.atomicrbl.com:ip4set:test.atomicrbl.com"
By default, in Red Hat and CentOS, everything else should be commented out in this configuration file. If it's not, comment it out; you only need this line in that file.
Step 3) create the rbldnsd user
useradd rbldnsd
Step 4) create the zone directory
mkdir /home/rbldnsd/zones
Download the zones
Step 1) Request access
See the top of this document for access. Access to the zones for local DNS mirroring is restricted to existing customers only.
Step 2) Use rsync to download the zones
Note: Do not run this more often than hourly at this time.
rsync -azv rsync.atomicrbl.com::atomicrbl/* /home/rbldnsd/zones
Note: Our zones are formatted for rbldnsd, a fast, low memory footprint DNS server designed for RBLs.
Step 3) Start rbldnsd
/etc/init.d/rbldnsd start
Step 4) Configure your DNS server to forward to rbldnsd for atomicrbl.com
For bind, add this to your /etc/named.conf file:
zone "atomicrbl.com" {
type forward; forward first; forwarders { 127.0.0.1 port 750; };
};
Step 5) Restart named/bind
/etc/init.d/named restart
Step 6) Test resolution
nslookup 2.0.0.127.test.atomicrbl.com
If you have things set up correctly to use a local resolver on your system, you should see this:
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: 2.0.0.127.test.atomicrbl.com
Address: 127.0.0.1
Remote Resolver
These instructions are for organizations that want to provide a copy of the zones to their local systems, without installing local copies on those systems.
Note: Do not run a public remote resolver. If you would like to run a public resolver, please let us know; there's some additional software you will need.
Software Installation
Note: These instructions are for Red Hat and CentOS based systems. For other operating systems, please contact your OS vendor for instructions on installing rbldnsd, or if you need assistance from us, please let us know and we'll put a quote together for your system.
Step 1)
yum -y install rbldnsd
Note: rbldnsd is not provided by Atomicorp.
Step 2) Configure rbldnsd
For a local resolver, all you need to do is add this single line to your /etc/sysconfig/rbldnsd file, and you must change the IP address 1.2.3.4 to your server's IP address:
RBLDNSD="dsbl -u rbldnsd -b1.2.3.4 -a -v -f -c60 -r/home/rbldnsd/chroot -w zones threat1.atomicrbl.com:ip4set:threat1.rbl atomicrbl.com:generic:atomicrbl.com threat2.atomicrbl.com:ip4set:threat2.rbl threat3.atomicrbl.com:ip4set:threat3.rbl threat4.atomicrbl.com:ip4set:threat4.rbl threat5.atomicrbl.com:ip4set:threat5.rbl test.atomicrbl.com:ip4set:test.atomicrbl.com threat6.atomicrbl.com:ip4set:threat6.rbl threat7.atomicrbl.com:ip4set:threat7.rbl alert6.atomicrbl.com:ip4set:alert6.rbl -l +/logs/rbldnsd.log -s /logs/rbldnsd_stats"
By default, in Red Hat and CentOS, everything else should be commented out in this configuration file. If it's not, comment it out; you only need this line in that file.
Step 3) create the rbldnsd user
useradd rbldnsd
Step 4) create the rbldnsd directories
mkdir /home/rbldnsd/chroot
mkdir /home/rbldnsd/chroot/logs
mkdir /home/rbldnsd/chroot/zones
Download the zones
Step 1) Request access
See the top of this document for access. Access to the zones for local DNS mirroring is restricted to existing customers only.
Step 2) Use rsync to download the zones
Note: Do not run this more often than hourly at this time.
rsync -azv rsync.atomicrbl.com::atomicrbl/* /home/rbldnsd/chroot/zones
Note: Our zones are formatted for rbldnsd, a fast, low memory footprint DNS server designed for RBLs.
Step 3) Start rbldnsd
/etc/init.d/rbldnsd start
Step 4) Test resolution
nslookup 2.0.0.127.test.atomicrbl.com
If you have things set up correctly to use a local resolver on your system, you should see this:
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: 2.0.0.127.test.atomicrbl.com
Address: 127.0.0.1
Step 5) Set up log rotation for the resolution logs
Add this file:
/home/rbldnsd/chroot/logs/*.log {
    rotate 30
    daily
    compress
    missingok
    notifempty
    create 0644 rbldnsd rbldnsd
    sharedscripts
    prerotate
        /sbin/service rbldnsd stop
    endscript
    postrotate
        /sbin/service rbldnsd start
    endscript
}
To this directory:
/etc/logrotate.d
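The rsync step above, wrapped so it can be scheduled without breaking the "not more often than hourly" rule and without touching the existing zones when a download fails. This is an added example, not an Atomicorp script: the stamp file path and the function names are assumptions, and the zone path is the Remote Resolver one (use /home/rbldnsd/zones for the local-only layout).

```shell
#!/bin/sh
# Added example (not Atomicorp's script): hourly-guarded zone sync for cron.
# ZONES and SRC are copied from the steps above; STAMP and the function
# names are hypothetical.
ZONES=/home/rbldnsd/chroot/zones
SRC='rsync.atomicrbl.com::atomicrbl/*'
STAMP=/home/rbldnsd/zones.last_sync   # hypothetical marker file, outside the chroot
MIN_AGE=3600                          # seconds; "not more often than hourly"

# sync_due STAMP MIN_AGE [NOW]
# Succeeds when no sync has been recorded or the last one is old enough.
sync_due() {
    stamp=$1; min_age=$2; now=${3:-$(date +%s)}
    [ -f "$stamp" ] || return 0
    last=$(cat "$stamp")
    case $last in
        ''|*[!0-9]*) return 0 ;;      # unreadable stamp: treat a sync as due
    esac
    [ $((now - last)) -ge "$min_age" ]
}

# record_sync STAMP [NOW]
# Writes the epoch time via a temp file so a crash never leaves a half stamp.
record_sync() {
    stamp=$1; now=${2:-$(date +%s)}
    printf '%s\n' "$now" > "$stamp.tmp" && mv "$stamp.tmp" "$stamp"
}

run_sync() {
    if ! sync_due "$STAMP" "$MIN_AGE"; then
        echo "last sync was under an hour ago; skipping"
        return 0
    fi
    # SRC is quoted so the wildcard is expanded by the rsync server, not
    # by the local shell; -v from the manual command is dropped for cron.
    if ! rsync -az "$SRC" "$ZONES"; then
        echo "rsync failed; existing zones left in place" >&2
        return 1
    fi
    record_sync "$STAMP"              # only stamp a successful download
}

# Only sync when called with "run", so the functions can be sourced and tested.
if [ "${1:-}" = run ]; then
    run_sync
fi
```

Call it from cron with the argument run; rbldnsd picks up changed zone files on its own check interval (the -c60 in the configuration line).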