spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David F. Skoll" <...@roaringpenguin.com>
Subject Re: TTL and DNSBLs [per-IP negative-cache TTL]
Date Thu, 07 Jul 2011 13:54:25 GMT
On Thu, 07 Jul 2011 15:31:47 +0200
Andrzej Adam Filip <andrzej.filip@gmail.com> wrote:

> > The point is that by definition, you can't have a per-IP
> > negative-cache TTL.

> But it is possible to use a wildcard DNS record for "not listed", 
> is not it? :-)

That would not work well at all... think about the ramifications. :)
Either the cached wildcard record would prevent you from querying IPs
you've never seen before (in which case the DNSBL would be useless) or
it would forward the specific query anyway (in which case it does nothing
to solve the problem.)

Anyway, IMO, DNS should not be used for blacklist lookups over the
Internet.  DNS was never designed for that; it just happens to
sort-of-work.  DNSRBLs are frequently-changing and are supposed to
provide up-to-the-minute information.  DNS is a good protocol for
querying a local authoritative name server, but it's not good for
distributing large volumes of quickly-changing, required-to-be-fresh
data across the Internet.

(What's saving us is computing power and bandwidth.  Modern name servers
can handle a huge number of queries without too much trouble, so people
never even noticed that caching wasn't buying them anything.)

Regards,

David.

Mime
View raw message