(I'm a bit late getting back to this, my apologies)
On 1/25/2012 4:08 PM, Steve Atkins wrote:
(Queries to DNSBLs and similar trees - e.g. in-addr.arpa - do damage that
somewhat, by creating a large number of different queries few of which are
reused, hence tending to evict higher value records from the cache. But that's
orthogonal to what we're discussing here, really.)
And, one might argue, an artifact of poor cache expiry policies. At
least in my version of an ideal world, I'd want to keep records in the
cache based on frequency of use over nearly anything else (within the
TTL lifetime, of course).
However, in the context of DNSBLs, you may well have the same problem as
in-addr.arpa in that there are a lot of records that will have limited
cache re-use. Still, if a DNSBL is overloaded, increasing TTLs and
encouraging (rather than discouraging or prohibiting) use of public
caches would probably decrease load on the DNSBL servers.
For example, with a DNSBL negative-caching at, say, 150 seconds, my
servers check Gmail's outbound IPs for DNSBL listings, on average, every
180 seconds or so. Were I and 10 of my best friends running similarly
sized mail servers to start querying 8.8.8.8 instead of using our own
internal resolvers, a DNSBL might see one hit every 150 seconds instead
of 1 every 18 seconds (10 every 180 seconds).
Now that being said, as a matter of practice I wouldn't suggest we start
suggesting mail server operators start using Google's public DNS as
their primary DNS. However, the reality of it is that the majority of
people hit by "listing the Internet for over-quota usage" policies were
using shared (or public) DNS resolvers; most weren't actually hitting
any sort of limit due to their own traffic.
Obviously if a DNSBL keeps their TTLs (positive and negative) too low
then aggregating queries does little good, and there does need to be
some level of responsiveness. However, if a DNSBL recommends an hourly or
daily rsync for rsync users, that might suggest a starting point for TTLs.
At the end of the day though, it's not about stopping abuse or people
hammering the DNSBLs, but rather, it's about making it more convenient
for larger players to pay money for a valuable service. That's not
really unfair, and the freemium model is always a complicated one with
potential holes for abuse, but it's disingenuous to declare that
listing-the-internet is the only way to cut down query volume.
--
Dave Warren, CEO
Hire A Hit Consulting Services
http://ca.linkedin.com/in/davejwarren
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
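The arithmetic in the post above (ten mail servers re-checking the same IP every 180 seconds, either through their own resolvers or through one shared cache, against a DNSBL negative-caching at 150 seconds) can be checked with a small toy model. This is an added example, not code from the thread or from any DNSBL; the server count, intervals and TTLs are constructed to match the scenario described, and the staggering of the servers' checks is an assumption.

```python
# Added example, not from the thread: a toy model of how resolver caching
# and DNSBL TTLs together set the query rate the DNSBL actually sees.
# All numbers are constructed to match the post (ten mail servers, each
# re-checking the same sender IP every 180 s, DNSBL TTL 150 s).

def dnsbl_queries(num_servers, interval, ttl, shared, horizon):
    """Count queries that reach the DNSBL within `horizon` seconds.

    Each mail server re-checks the same sender IP every `interval` seconds,
    evenly staggered (assumption). shared=False gives every server its own
    resolver cache; shared=True sends them all through one public cache.
    A cached answer (positive or negative) is reused until its TTL expires.
    """
    stagger = interval // num_servers
    events = sorted((s * stagger + k * interval, s)
                    for s in range(num_servers)
                    for k in range(horizon // interval + 1))
    expiry = {}            # cache id -> time the cached answer expires
    upstream = 0
    for t, server in events:
        if t >= horizon:
            continue
        cache_id = 0 if shared else server
        if expiry.get(cache_id, 0) > t:
            continue       # answered from cache; the DNSBL never sees it
        upstream += 1      # cache miss: the query goes to the DNSBL
        expiry[cache_id] = t + ttl
    return upstream

def hourly_load(ttl, num_servers=10, interval=180):
    """Return (queries/hour with private resolvers, queries/hour via one shared cache)."""
    hour = 3600
    return (dnsbl_queries(num_servers, interval, ttl, False, hour),
            dnsbl_queries(num_servers, interval, ttl, True, hour))

if __name__ == "__main__":
    # A TTL well below the check interval (10 s) shows why aggregation does
    # little good when a DNSBL keeps its TTLs too low; 150 s is the post's
    # figure; 3600 s stands in for the "hourly rsync" starting point.
    for ttl in (10, 150, 3600):
        own, via_cache = hourly_load(ttl)
        print(f"TTL {ttl:>4}s: private resolvers {own:3d}/h, shared cache {via_cache:3d}/h")
```

With TTL 150 s the shared cache lets about one query per 162 s through (the first check after expiry lands on an 18 s boundary), close to the post's "one hit every 150 seconds" versus 200 per hour with private resolvers; with TTL 10 s the shared cache saves nothing.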