spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David F. Skoll" <...@roaringpenguin.com>
Subject TTL and DNSBLs (was Re: SpamTips.org: Why run your own DNS server?)
Date Mon, 04 Jul 2011 13:24:19 GMT
On Mon, 04 Jul 2011 13:52:00 +0200
Axb <axb.lists@gmail.com> wrote:

> BLs generally adjust their negative TTL to get a practical balance 
> between query load and positive hits.
> Gaming these settings can become a costly process.

My experiments on real mail servers show that DNS caching is quite
ineffective for DNSBLs (at least for typical ones like Spamhaus that
use a short TTL on the order of 15-30 minutes.)

Results of my experiments are in these slides (PDF):
http://ipv6summit.ca/index.php/v6/2011/paper/view/8/4

Executive summary: On a very quiet mail server, assuming a 15-minute
TTL, there was only a 50% cache hit rate on DNSBL lookups.  On a
fairly busy mail server, the cache hit rate fell to 22%.

The problem, of course, is that most mail servers are hit by
connections from all over the place... spammers have a lot of IP
addresses to choose from, so you don't get much repetition within the
TTL of a typical DNSBL.  If you really need high-performance DNSBL
lookups, you need to arrange for a zone transfer and run a local
authoritative name server for the DNSBL.

Regards,

David.

Mime
View raw message