spamassassin-users mailing list archives

From "Bill Cole" <sausers-20150...@billmail.scconsult.com>
Subject Re: Barracuda Reputation Block List (BRBL) removal from the SA ruleset
Date Sun, 11 Feb 2018 21:55:25 GMT
On 11 Feb 2018, at 9:54 (-0500), Benny Pedersen wrote:

> first query would be valid for 300 secs, but that is imho still not 
> free, problem is that keeping low ttls does not change how dns works, 
> any auth dns servers will update on soa serial anyway, the crime comes 
> in when sa using remote dns servers that ignore soa serial updates
>
> in that case ttls would keep spammers listed for 300 secs only

That's not how DNS TTLs work.

When a record's TTL elapses in the local name cache, it is dropped. The 
next query for that name and record type causes the resolver to make 
another query to the authoritative nameservers, which will return the 
same record whose TTL expired unless it has been removed from the zone. 
No standards-conforming DNS resolver returns NXDOMAIN based on the lack 
of a non-expired record in its cache and an unchanged SOA serial above 
the name. That would make no sense at all and require many more SOA 
queries than actually happen.


-- 
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
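
The TTL behaviour described in the message above, as an added example that is not part of the original post: a toy authoritative DNSBL zone and caching resolver showing that an expired TTL only triggers a fresh query, so a listed address stays listed until the record is removed from the zone. All names and values are constructed, and the negative-answer TTL is simplified to a fixed number.

```python
# Toy model, constructed for illustration: not real DNS code.
NXDOMAIN = "NXDOMAIN"

class AuthZone:
    """Authoritative DNSBL zone; one TTL for answers, one for NXDOMAIN."""
    def __init__(self, ttl=300, negative_ttl=300):
        self.records, self.ttl, self.negative_ttl = {}, ttl, negative_ttl
        self.queries = 0                  # queries that reached the authority

    def query(self, name):
        self.queries += 1
        if name in self.records:
            return self.records[name], self.ttl
        return NXDOMAIN, self.negative_ttl

class CachingResolver:
    def __init__(self, zone):
        self.zone, self.cache = zone, {}  # cache: name -> (answer, expires_at)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]                 # fresh entry: answer from cache
        # Expired or never cached: ask the authority again.
        # The resolver does not check the SOA serial at this point.
        answer, ttl = self.zone.query(name)
        self.cache[name] = (answer, now + ttl)
        return answer

def timeline(delist_at=700, ttl=300, step=100, end=1300):
    """Query every `step` seconds; the operator delists at `delist_at`."""
    zone = AuthZone(ttl=ttl, negative_ttl=ttl)
    name = "2.0.0.127.dnsbl.example"      # constructed DNSBL query name
    zone.records[name] = "127.0.0.2"
    resolver = CachingResolver(zone)
    seen = []
    for now in range(0, end, step):
        if now == delist_at:
            zone.records.pop(name, None)  # record removed from the zone
        seen.append((now, resolver.resolve(name, now)))
    return seen, zone.queries

if __name__ == "__main__":
    seen, upstream = timeline()
    for now, answer in seen:
        print(f"t={now:4d}s  {answer}")
    print("queries to authority:", upstream)
```

With the defaults, the address is still reported as listed at t=800 s although the record was removed at t=700 s, and the answer becomes NXDOMAIN at t=900 s once the cached record expires.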
