The dnsreflector daemon listens for DNS queries on a local UDP port and answers with records pointing back to localhost. Combined with OpenBSD's packet filter pf(4) this works as a bandwidth efficient spamtrap.

PF Setup

table <spamd> persist
pass in proto udp from <spamd> to any port 53 rdr-to port 53000 


dnsreflector [-d] [-a address] [-p port]
-d           Run as daemon in the background
-a address   Bind to this address (default:
-p port      Bind to this port (default: 53000)
-i address   Answer with this IP instead of

This program is tested on OpenBSD and FreeBSD. If you are interested in running dnsreflector on another platform, please contact me . On popular demand I made a diff to compile dnsreflector with Linux (tested on SuSE). You will need a facility to redirect DNS queries coming from blacklisted hosts to dnsreflector.

Download dnsreflector-1.03.tar.gz

Github https://github.com/awaw/dnsreflector