Install Rbldnsd

rbldnsd is a lightweight realtime dns-based banlist daemon. it's commonly used to block email spammers and irc spam bots.


rbldnsd is in ports, so it's easiest to install it from there

$ doas pkg_add rbldnsd

making a user

let's make a user for rbldnsd to run as and chroot into its home directory

$ doas useradd -m -d /home/rbl rbl


# su rbl
$ cd
$ mkdir zones
$ vi zones/naughty

rbldnsd zonefiles are a bit different from bind or nsd zonefiles. read the manpage or the website's shortened documentation for how they are written. below is a simple example.

# just a normal ip
# custom A response :5
# make a TXT record this sent naughty spam
# custom A response and TXT record :7: this is an infected host

rc.d service



#!/bin/ksh

daemon="/usr/local/sbin/rbldnsd -ve -b 2602:fccf:1:1017::6 -u rbl:rbl -r /home/rbl -w zones"

. /etc/rc.d/rc.subr

pexp="rbldnsd .*"
rc_cmd $1

let's enable it to start on boot and turn it on

$ doas rcctl enable rbldnsd
$ doas rcctl start rbldnsd


if it fails, you can run the command from the daemon= line as root and it should give you more verbose output. remember to rcctl restart rbldnsd afterwards to make sure the rc.d file works

delegate dns to it

note that you would also put an A record if you made rbldnsd listen on ipv4 too

ns1.dnsbl    3600  IN    AAAA    2602:fccf:1:1017::6
dnsbl        3600  IN    NS      ns1.dnsbl

test if it works

assuming you have listed from the above example zone, reverse the octets and dig it!

dig A
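
an added example, not part of the original page: a small sh helper that builds the query name for an ipv4 address (octets reversed, zone appended) and looks it up with dig. the zone dnsbl.example.com and the address 192.0.2.1 are placeholders. passing the daemon's listen address as the third argument queries rbldnsd directly, which separates daemon problems from delegation problems.

```shell
#!/bin/sh
# added example: dnsbl lookup helper for ipv4 addresses.
# zone names and addresses passed in are the caller's; nothing here is
# taken from the zone on this page.

# dnsbl_qname IP ZONE -> prints d.c.b.a.ZONE, returns 1 on a malformed address
dnsbl_qname() {
    ip=$1 zone=$2
    # only digits and single dots, no leading/trailing dot, not empty
    case $ip in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $ip
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# dnsbl_check IP ZONE [SERVER]
# returns 0 if listed, 1 if not listed, 2 on a bad address.
# SERVER is optional; give the address rbldnsd listens on to bypass
# the delegation and ask the daemon itself.
dnsbl_check() {
    q=$(dnsbl_qname "$1" "$2") || { echo "bad ipv4 address: $1" >&2; return 2; }
    a=$(dig +short ${3:+@"$3"} A "$q")
    if [ -z "$a" ]; then
        echo "$1 is not listed in $2"
        return 1
    fi
    # the A answer is the listing code, the TXT answer is the reason
    echo "$1 is listed in $2: A $a"
    dig +short ${3:+@"$3"} TXT "$q"
}

# usage: sh dnsbl.sh 192.0.2.1 dnsbl.example.com [server]
if [ $# -ge 2 ]; then
    dnsbl_check "$@"
fi
```

an empty answer from the daemon itself points at the zonefile or the daemon= line, while an answer from the daemon but none through your resolver points at the NS/AAAA delegation records.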

finding ips to list

scraping proxy lists

sometimes you can find websites listing proxy ips with google

using an api

websites like shodan let you search for ips meeting certain criteria, like a certain port being open with a socks proxy, etc.


note that this is frowned upon by many hosting providers, so make sure you have permission, e.g. a Linode Researcher account, or else your host might ban you

this section is probably a bad idea

globbing in the rc file

since rbldnsd does not support globbing its zonefile names, you can do the globbing in the rc file instead, so you do not have to edit it manually every time you add more zones.

#!/bin/ksh

cd /home/rbl/zones
daemon="/usr/local/sbin/rbldnsd -ve -b 2602:fccf:1:1017::6 -u rbl:rbl -r /home/rbl -w zones$(echo ipv4* | tr '[[:space:]]' ,)$(echo ipv6* | tr '[[:space:]]' ,)$(echo combined* | tr '[[:space:]]' ,)"

. /etc/rc.d/rc.subr

pexp="rbldnsd .*"

rc_cmd $1