On Mon, Aug 20, 2012 at 11:08 AM, Emanuele Balla (aka Skull)
<skull(_at_)bofhland(_dot_)org> wrote:
Note anyway that we're only considering the case of positive DNS answers
(or listed entities), but I'd expect that most of the cache blowup
problem will be generated by NXDOMAINs, at list at first.
We have much less control on that...
There may be slight differences if we consider the wider case of
DNSxLs in general, ie including whitelists which may have different
cache characteristics. At dnswl.org, we can generally live with TTLs
in the order of magnitude of days (although we make them shorter so
that we can remove/change entries reasonably fast).
At present, we have ~180k IPs listed (IPv4, there are only a handful
of IPv6 addresses which we do not yet publish due to the unclarity
about how this should be done). There are potentially another 100k or
so IPs which we do not list (yet) for various reasons (time to edit
them, questionable source, ...).
The data changes very slowly, most often somewhere between 50 and 250
changes per day (including score changes etc, not necessarily
removed/added IPs); some exceptional days may have 1'000 or 2'000
changes.
As long as operators of "legitimate" sending mail systems do not
change the distribution/IP patterns of their mailservers dramatically
in an IPv6 world (and there are few reasons why they should do so),
there is little impact on DNS infrastructure (auth + cache).
For the case of abusive behaviour (ie, spammer using vast pools of IP
addresses, eg > 10^3 IP addresses, either snowshoe-like or in cannon
style), DNS caches will only blow if receiving systems are "dumb", ie
do not handle dDoS-like patterns appropriately. That's already an
issue today, and will only be "somewhat worse" in an IPv6 world.
-- Matthias
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg