spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matthias Leisi <matth...@leisi.net>
Subject Re: IPv6 DNSBL/WL design, was Fwd: [Asrg] draft-levine-iprangepub-01
Date Thu, 30 Dec 2010 19:12:35 GMT
(Same error on this mail, I should pay more attention to To: and the
reply button. Sorry for the mess)

On Thu, Dec 30, 2010 at 8:10 PM, Matthias Leisi <matthias@leisi.net> wrote:
> On Thu, Dec 30, 2010 at 7:43 PM, John Levine <johnl@taugh.com> wrote:
>
>>>Any protocol that makes lookups in a huge adress space efficient and
>>>efficiently-cacheable is going to leak much of the list information.
>
> As an operator of a whitelist, I don't care too much about this. Yes,
> theoretically someone could get our data by doing "enough" queries to
> public nameservers. But I doubt it will be worth the effort for the
> "attacker": he would keep doing this over and over again to keep up
> with the changes, and would sooner or later be blocked due to too high
> traffic on the public nameservers.
>
>> a large zone file.  The tradeoff point where it's cheaper than doing
>> queries is quite high.  If you've got a giant mail system, it makes
>> sense, but if you have one or two MTAs, even fairly busy ones, it
>> doesn't.
>
> I believe (although I haven't thought it through) that this largely
> depends on the amount of changes in the list data. At dnswl.org, our
> data changes only slowly. Rsync transfers are very efficient in terms
> of bandwidth, but CPU intensive nevertheless.
>
> -- Matthias
>

Mime
View raw message