ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] 2. Improving Blacklists and Reputation Services

2004-02-11 07:46:16
from [Hallam-Baker, Phillip] [Permanent Link] 
A new RR with its own format or a TXT record with its own 
format. I am 
not talking about a free form format, rather something like LMAP.


The info I get from the DNS engineers is that new RRs take a very long time
to propagate. DNS servers are not required to support them or forward them
under the standard.

We almost certainly do not need a TXT record per entry. If we do there
starts to be a scaling issue on the back end. If you have 60 million domains
to track you need to keep a handle on the per-domain data. 3 bytes per
domain is 120 Mb. 32 bytes per domain is 1.2Gb and so on...

And that memory footprint will affect caches as well.

What I suggest is that we use an A record for _per_domain_ info and a TXT
record to describe the format of the record - see my accreditation draft.



What I am basically trying to figure out is whether taking the entire 
mix of DNSBLs outthere with all of their various response codes, 
formats, etc. and standardazing it would help.


Trying to get people to change what they are doing today in a major way is
going to fail. They will all wait for someone else to move. Much better to
work out how to work within the system. A single TXT record giving
descriptive information solves that problem.

With the metadata approach you can also tell the user that there is
additional info that is NOT in A records. For example a link to a digital
certificate, and yes a TXT record if it is really necessary and useful.



For major ISPs, bulk transfer of data might be better. To avoid DDOS, 
P2P might be better. There are other cases.


DDoS is a solved problem for the core DNS. That is why Vixie used it in the
first place.

Bulk transfer is a useful supplement, but remember that we have been through
this whole thing in the PKI space for 15 years and the trend has been away
from CRLs to OCSP/XKMS. In other words the opposite to what you suggest.

I would expect that there would be alternative arragements for the major
ISPs. But remember that they get their .com data that way so they can do it
for their spam data.


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] 3b. SMTP Session Verification - The Forwarding Problem, Yakov Shafranovich
Next by Date:  Re: [Asrg] 3b. SMTP Session Verification - The Forwarding Problem, Jon Kyme
Previous by Thread:  Re: [Asrg] 2. Improving Blacklists and Reputation Services, Yakov Shafranovich
Next by Thread:  Re: [Asrg] 2. Improving Blacklists and Reputation Services, Viktor S. Grishchenko
Indexes:  [Date] [Thread] [Top] [All Lists]