Some time ago I wrote about setting up a local mirror for a DNS blacklist using RBLDNSD and Bind.
Although that works fine and definitely gives a speed-up to servers on the network, I’d really like to know what is happening, i.e. how many queries.
One of the more commonly used tools for plotting information from devices and daemons is MRTG which is very powerful and flexible, although configuring it can be “fun” 🙂
We’re currently providing two separate instances of RBLDNSD. One of them is for internal usage only and is not public.
The other is public and currently acts as a mirror for both URIBL and SURBL.
Although I may expect more traffic on SURBL than on URIBL, as SURBL is part of SpamAssassin, I wanted to know exactly how much traffic and queries were being generated.
In order to turn on logging you need to add -s +logfile to the rbldnsd script. This will tell it to log to the logfile you define which resides in the directory with your zone data.
The problem is then to parse the logs and get some meaningful data. Although I’m sure that there are plenty of people using rbldnsd with MRTG I wasn’t able to find anything via Google.
For URIBL I got a little Perl script from another DNS admin which parses the RBLDNSD logs for MRTG.
Although this *should* work for the SURBL data (at least in my mind) it doesn’t, but Dhawal was able to point me in the direction of a post by Jeff Chan last year that explained how to do it.
The instructions in Jeff’s post will almost work, but indexmaker was complaining about the sections being denoted by an H2 instead of the default H1. If you modify that to an H1 it will work nicely.
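
As an added example (not the Perl script or Jeff Chan's instructions mentioned above), here is one way to turn the file written by -s +logfile into the four lines MRTG expects from an external script. It assumes the line format documented in the rbldnsd man page (timestamp, then zone:qtot:qok:qnxd:bin:bout per zone, ending with a "*" total); the zone names, sample lines and script name are constructed.

```python
#!/usr/bin/env python3
"""Emit MRTG external-script output from an rbldnsd -s statistics file."""
import sys
import time

# Constructed sample: a bare timestamp (written at startup or counter reset),
# two normal lines, one corrupt line, and one line outside the test window.
SAMPLE = """\
1000
1060 bl1.example:10:5:4:311:432 bl2.example:24:13:7:248:375 *:98:35:12:820:987
1120 bl1.example:7:2:5:200:260 bl2.example:3:1:2:90:120 *:10:3:7:290:380
garbage line
1400 bl1.example:1:1:0:30:45 *:1:1:0:30:45
"""

def parse_line(line):
    """Return (timestamp, {zone: (qtot, qok, qnxd, bin, bout)}), or None if malformed."""
    fields = line.split()
    if not fields or not fields[0].isdecimal():
        return None
    zones = {}
    for item in fields[1:]:
        parts = item.rsplit(":", 5)
        if len(parts) != 6 or not all(p.isdecimal() for p in parts[1:]):
            return None
        zones[parts[0].lower()] = tuple(int(p) for p in parts[1:])
    return int(fields[0]), zones  # a bare timestamp yields an empty dict

def window_totals(lines, zone, now, window=300):
    """Sum total queries and positive replies for zone over the last `window` seconds."""
    qtot = qok = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip corrupt or partially written lines
        ts, zones = parsed
        if now - window < ts <= now and zone in zones:
            qtot += zones[zone][0]
            qok += zones[zone][1]
    return qtot, qok

def mrtg_output(lines, zone, now, window=300):
    """MRTG expects four lines: value 1, value 2, uptime string, target name."""
    qtot, qok = window_totals(lines, zone.lower(), now, window)
    return f"{qtot}\n{qok}\nn/a\nrbldnsd {zone}\n"

if __name__ == "__main__":
    # Usage (hypothetical script name): rbldnsd_mrtg.py /path/to/logfile zone
    with open(sys.argv[1]) as fh:
        sys.stdout.write(mrtg_output(fh, sys.argv[2], int(time.time())))
```

Because the + prefix makes rbldnsd write per-interval counts rather than running totals, the MRTG target reading this output should be configured as a gauge.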
Joseph says
Where do I find the rbldnsd script? I've looked everywhere