spamassassin-users mailing list archives

From Matus UHLAR - fantomas <uh...@fantomas.sk>
Subject Re: TTL and DNSBLs (was Re: SpamTips.org: Why run your own DNS server?)
Date Thu, 07 Jul 2011 12:39:48 GMT
>On Thu, 7 Jul 2011 11:50:44 +0200
>Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
>> Negative caching can be effective or in this case even
>> ineffective too, can't it?

On 07.07.11 08:26, David F. Skoll wrote:
>The point is that by definition, you can't have a per-IP negative-cache TTL.

We can have per-IP positive cache and per-zone negative cache. As you
mentioned earlier, Spamhaus uses 15-30 min TTL. I found it uses 900s
(=15m) positive TTL and 150s (=2.5min) negative TTL.

And in case of repeating the same IPs (which happens especially with
remote mailservers) the negative cache helps much.

In fact, I think that DNSBL operators should provide the same TTL for
both positive and negative answers, that can be even as big as 12-24h
for dynamic/policy block lists. It's always up to the clients' nameserver to
decide which it will cache and which not, mostly based on their usage.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759
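
An added example, not part of the original message: a small model of a caching resolver in front of a DNSBL, replaying a constructed connection trace to show how the per-zone negative TTL changes the number of upstream queries when the same unlisted IP keeps reconnecting. The 900 s and 150 s values are the ones quoted in the message; the zone name `dnsbl.example`, the addresses and the trace are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

POSITIVE_TTL = 900  # per-record TTL on "listed" answers (value quoted in the message)
NEGATIVE_TTL = 150  # per-zone TTL on NXDOMAIN answers (value quoted in the message)

def dnsbl_name(ip, zone="dnsbl.example"):
    """Build the DNSBL query name: reversed IPv4 octets + zone (placeholder zone)."""
    return ".".join(reversed(ip.split("."))) + "." + zone

@dataclass
class ResolverCache:
    listed: set                      # IPs the (hypothetical) DNSBL lists
    positive_ttl: int = POSITIVE_TTL
    negative_ttl: int = NEGATIVE_TTL
    expiry: dict = field(default_factory=dict)  # query name -> expiry time
    upstream: int = 0                # queries that had to go to the DNSBL
    hits: int = 0                    # queries answered from cache

    def lookup(self, now, ip):
        name = dnsbl_name(ip)
        if self.expiry.get(name, -1) > now:
            self.hits += 1
        else:
            self.upstream += 1
            # A listed IP carries its own record TTL; an unlisted one gets
            # NXDOMAIN, cached for the single negative TTL of the whole zone.
            ttl = self.positive_ttl if ip in self.listed else self.negative_ttl
            self.expiry[name] = now + ttl
        return ip in self.listed

def replay(trace, listed, negative_ttl):
    """Replay (time, ip) events; return (upstream_queries, cache_hits)."""
    cache = ResolverCache(listed=set(listed), negative_ttl=negative_ttl)
    for now, ip in trace:
        cache.lookup(now, ip)
    return cache.upstream, cache.hits

# Constructed trace: an unlisted remote mail server connecting every 60 s
# for one hour, plus a listed host connecting every 300 s.
TRACE = sorted([(t, "192.0.2.10") for t in range(0, 3600, 60)] +
               [(t, "198.51.100.7") for t in range(0, 3600, 300)])
LISTED = {"198.51.100.7"}

if __name__ == "__main__":
    for neg in (0, 150, 900):  # no negative caching, 150 s, equal to positive TTL
        up, hit = replay(TRACE, LISTED, neg)
        print(f"negative TTL {neg:>3}s: {up} upstream queries, {hit} cache hits")
```
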
