Integrating jwall-rbld

If you want to set up the jwall-rbl daemon within your network, you might want to take some architectural considerations into account.

This section describes some ways to set up jwall-rbld within your environment. Since the daemon is rather experimental at this stage, I recommend running it in a test environment for now. The best way to integrate it into your systems is to run a local DNS cache on your ModSecurity machines, which queries the jwall-rbld service only for the domain name you chose for your RBL (e.g. rbl.localnet).

A very nice and easy way to do this is to use the dnsmasq daemon. It allows you to route DNS queries for specific domains to your jwall-rbld. The setup of dnsmasq is described in the following section.

Using a local DNS cache with jwall-rbld

The best way to use jwall-rbld is to install a local DNS cache on your ModSecurity machines. This will speed up the DNS lookups and provide you with a stable setting.

A very good local DNS cache is provided by the dnsmasq caching server. This local DNS cache can be configured to send DNS queries for specific domains, e.g. rbl.localnet, to a predefined DNS server, i.e. your local jwall-rbld.

The benefit of this setup is that you can selectively route only queries for rbl.localnet to jwall-rbld, while all other DNS queries are sent to your default resolvers.

To do this, install dnsmasq and add the following line to your /etc/dnsmasq.conf file:

server=/rbl.localnet/127.0.0.1#15353

This will send all subsequent DNS queries for the domain rbl.localnet to the jwall-rbld that powers your RBL.
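
To check that a dnsmasq.conf really routes only RBL lookups to jwall-rbld, the following added example (not part of jwall-rbld or dnsmasq) parses the server= lines and reports which upstream a given query name would be sent to. The sample config, the default resolver 192.0.2.53 and the function names are constructed for illustration, and the reversed-octet query name is the conventional DNSBL form, assumed here to be what the ModSecurity side sends.

```python
import ipaddress

# Constructed sample: the line from this page plus an assumed default upstream.
SAMPLE_CONF = """\
# /etc/dnsmasq.conf (constructed sample)
server=192.0.2.53
server=/rbl.localnet/127.0.0.1#15353
"""

def split_addr(addr):
    """Split dnsmasq's 'ip#port' form; the port defaults to 53."""
    ip, _, port = addr.partition("#")
    return ip, int(port) if port else 53

def parse_servers(conf_text):
    """Return (default_upstreams, {domain: (ip, port)}) from server= lines."""
    defaults, routed = [], {}
    for line in map(str.strip, conf_text.splitlines()):
        if not line.startswith("server="):
            continue  # comments and unrelated options
        value = line[len("server="):]
        if value.startswith("/"):
            # server=/domain[/domain...]/ip#port routes only those domains
            *domains, addr = value[1:].split("/")
            for domain in domains:
                routed[domain.lower().rstrip(".")] = split_addr(addr)
        else:
            defaults.append(split_addr(value))
    return defaults, routed

def upstream_for(name, defaults, routed):
    """Pick the upstream for a query name; the longest matching domain wins."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # whole-label suffixes, longest first
        suffix = ".".join(labels[i:])
        if suffix in routed:
            return routed[suffix]
    return defaults[0] if defaults else None  # None: resolv.conf upstreams

def rbl_query_name(client_ip, zone="rbl.localnet"):
    """Conventional DNSBL name for an IPv4 address: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

if __name__ == "__main__":
    defaults, routed = parse_servers(SAMPLE_CONF)
    for name in (rbl_query_name("198.51.100.7"), "www.example.org"):
        print(name, "->", upstream_for(name, defaults, routed))
```

Matching is done on whole labels, so a name such as notrbl.localnet is not routed to jwall-rbld and still goes to the default resolver.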