
Re: [Asrg] NXDOMAIN cache behavior, was draft-levine-iprangepub-01

2011-01-05 18:01:41
On 1/5/2011 2:41 AM, Steve Atkins wrote:

> On Jan 4, 2011, at 10:44 PM, John Levine wrote:
>
>> With that said, I still like my b-tree hack, which makes queries that
>> shouldn't get either NOERROR or NXDOMAIN, a lot better as a way to
>> publish ranges of addresses in a DNSxL.
>
> If you're going to the effort of adding that much functionality
> at the client end, switching to a better matched protocol instead
> might be better. All the high traffic DNSBL users already use
> a push protocol of sorts. Moving to a better, more standardized
> one might be a win. A local server for protocol X could still offer
> a DNS interface to the MTA to ease implementation.

I must confess to a bit of confusion. We seem to be talking about really naive IPv6 DNSBL implementations blowing out caches on high volume, and yet, at the same time, we acknowledge that the large DNSBL users already download zone files.

Rsync is essentially the de facto standard for bulk DNSBL transfer, and as you say it's "not awful". So, we don't seem to have a significant difficulty with that.

I do know of one (commercial) blacklisting system that does use a more explicitly "incremental" distribution mechanism, but it's probably not that much better than rsync, and in fact it may be worse.

Even if we were to do something as simplistic as chop IPv6 queries at the /64, given that the number of spammers and bots doesn't magically go up simply because there are more bits to hide in, the caching problem appears to be not that much worse than it already is with IPv4.

IOW, some of the discussion threads here seem to be solutions looking for problems.

Clearly things are going to shift somewhat. But, it doesn't look like the real future is much more than:

1) Some mechanism for CBL/XBL single-IP DNSBLs to remain useful (e.g., hardcoded /64 truncation or some mechanism like John's) for Internet query from small sites.

2) Zone download (Rsync or perhaps something better) becoming more prevalent.

3) DNSBL operators will be more conscious of query load and will more forcefully terminate abusers.

Perhaps we might do more work in (2), to specify zone formats for download.

While the tradeoff volumes for query versus zone downloads/incrementals may well shift, it will just about never be advantageous for small sites doing a few dozen emails per day to take a whole zone of something as big as the XBL. Besides, in many cases, that introduces latency delays.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
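The /64 truncation mentioned in item (1) above, as an added example that is not part of the original post or of any DNSBL's own code: it builds the usual nibble-reversed IPv6 DNSxL query name, optionally cut at a nibble-aligned prefix, and counts how many distinct names (hence resolver cache entries) a batch of lookups produces. The zone name `dnsxl.example` and the sample addresses are constructed.

```python
import ipaddress

# Constructed zone name standing in for whatever DNSxL is being queried.
ZONE = "dnsxl.example"

# Constructed sample: three hosts in one /64 plus one host in a neighbouring /64.
SAMPLE_ADDRS = [
    "2001:db8:1:2::1",
    "2001:db8:1:2::2",
    "2001:db8:1:2:ffff::abcd",
    "2001:db8:1:3::1",
]


def ipv4_query_name(addr, zone=ZONE):
    """Classic IPv4 DNSBL name: octets reversed, so 1.2.3.4 -> 4.3.2.1.<zone>."""
    octets = ipaddress.IPv4Address(addr).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone


def ipv6_query_name(addr, zone=ZONE, prefix_len=128):
    """Nibble-reversed IPv6 DNSxL name, keeping only the top prefix_len bits.

    prefix_len=128 gives the naive 32-label name (one cache entry per host);
    prefix_len=64 collapses every host in a /64 onto a single 16-label name.
    prefix_len must land on a nibble boundary (multiple of 4).
    """
    if prefix_len % 4 or not 0 < prefix_len <= 128:
        raise ValueError("prefix_len must be a multiple of 4 in 4..128")
    ip = ipaddress.IPv6Address(addr)
    nibbles = ip.exploded.replace(":", "")      # always 32 hex digits
    kept = nibbles[: prefix_len // 4]           # most-significant bits first
    return ".".join(reversed(kept)) + "." + zone


def distinct_cache_entries(addrs, prefix_len=128):
    """Distinct query names a resolver would cache (positively or as NXDOMAIN)
    after looking up each address once; smaller means less cache pressure."""
    return len({ipv6_query_name(a, prefix_len=prefix_len) for a in addrs})


if __name__ == "__main__":
    for a in SAMPLE_ADDRS:
        print(ipv6_query_name(a, prefix_len=64))
    print("full /128 entries:", distinct_cache_entries(SAMPLE_ADDRS))
    print("truncated /64 entries:", distinct_cache_entries(SAMPLE_ADDRS, 64))
```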
