spamassassin-users mailing list archives

From Andrzej Adam Filip <andrzej.fi...@gmail.com>
Subject DUL/DUL+ redesign to improve DNS cache hit ratio [Was: TTL and DNSBLs]
Date Tue, 05 Jul 2011 21:19:04 GMT
"David F. Skoll" <dfs@roaringpenguin.com> wrote:
> On Mon, 04 Jul 2011 13:52:00 +0200
> Axb <axb.lists@gmail.com> wrote:
>
>> BLs generally adjust their negative TTL to get a practical balance 
>> between query load and positive hits.
>> Gaming these settings can become a costly process.
>
> My experiments on real mail servers show that DNS caching is quite
> ineffective for DNSBLs (at least for typical ones like Spamhaus that
> use a short TTL on the order of 15-30 minutes.)
>
> Results of my experiments are in these slides (PDF):
> http://ipv6summit.ca/index.php/v6/2011/paper/view/8/4
>
> Executive summary: On a very quiet mail server, assuming a 15-minute
> TTL, there was only a 50% cache hit rate on DNSBL lookups.  On a
> fairly busy mail server, the cache hit rate fell to 22%.
>
> The problem, of course, is that most mail servers are hit by
> connections from all over the place... spammers have a lot of IP
> addresses to choose from, so you don't get much repetition within the
> TTL of a typical DNSBL.  If you really need high-performance DNSBL
> lookups, you need to arrange for a zone transfer and run a local
> authoritative name server for the DNSBL.

Would you recommend redesigning (mainly) DUL/DUL+ DNSBL lists to improve
DNS cache hit ratio?

-- 
[pl>en: Andrew] Andrzej Adam Filip : anfi@onet.eu
The Second Law of Thermodynamics:
If you think things are in a mess now, just wait!
  -- Jim Warner
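
Added example, not part of the original message or of any poster's code: a replay of connection events through a TTL cache, to measure the DNSBL cache hit ratio discussed in the quoted text on your own traffic. The zone name `dnsbl.example`, the function names and the sample events are assumptions constructed for illustration; the 15-minute TTL is the figure from the quoted summary, and the negative TTL is assumed equal to it.

```python
"""Estimate a resolver's cache hit ratio for DNSBL lookups (added example)."""
import ipaddress

POS_TTL = 15 * 60   # TTL of "listed" answers; 15 minutes as in the quoted summary
NEG_TTL = 15 * 60   # negative (NXDOMAIN) TTL; assumed equal for this example


def dnsbl_qname(ip, zone="dnsbl.example"):
    """Build the lookup name: reversed IPv4 octets under the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def cache_hit_ratio(connections, listed, pos_ttl=POS_TTL, neg_ttl=NEG_TTL):
    """Replay (epoch_seconds, client_ip) pairs through a TTL cache.

    A lookup is a hit when the same name was resolved earlier and that
    answer has not expired. Expiry counts from the time of resolution,
    not from the last use, which is how a caching resolver behaves.
    """
    expires = {}          # qname -> epoch at which the cached answer expires
    hits = total = 0
    for ts, ip in sorted(connections):
        name = dnsbl_qname(ip)
        total += 1
        if expires.get(name, -1) > ts:
            hits += 1
        else:
            # Miss: the resolver asks the DNSBL and caches the answer.
            ttl = pos_ttl if ip in listed else neg_ttl
            expires[name] = ts + ttl
    return hits / total if total else 0.0


# Constructed sample events (documentation address ranges), not real traffic.
SAMPLE = [
    (0, "192.0.2.10"), (120, "198.51.100.7"), (300, "192.0.2.10"),
    (600, "203.0.113.5"), (899, "192.0.2.10"), (900, "192.0.2.10"),
    (1000, "198.51.100.7"), (2000, "203.0.113.5"),
]
LISTED = {"192.0.2.10", "203.0.113.5"}   # constructed: IPs the list would return

if __name__ == "__main__":
    for neg in (60, 900, 3600):
        ratio = cache_hit_ratio(SAMPLE, LISTED, neg_ttl=neg)
        print(f"negative TTL {neg:>4}s -> hit ratio {ratio:.3f}")
```

Feeding it (timestamp, client IP) pairs extracted from a real MTA log shows how much of the DNSBL query load a given TTL actually absorbs.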
