Emanuele Balla (aka Skull) wrote:
Straight to the point: abusive URLs on legit domains . There's no
(easy/effective) way to encode an entire URL in a DNS request.
At least, that's the reason why I've been thinking about this topic for the
4 years... :-\
Can't you just use HTTP for that? There is an easy and effective way to encode
URLs in HTTP - and HTTP is pretty good at returning all sorts of responses: a
single character (0=good, 1=bad), some XML, some JSON, something else. There is
obviously some overhead from the TCP connection and the request and response
headers, but I wonder if there are many cases in which:
- this overhead is a huge problem;
- the request can't easily be 'encoded' into DNS.
Rich's examples all seem pretty easy to encode into DNS, but more importantly,
to me they shout for HTTP POST. When Rich's idea of asking for context
(expiration time, range to which the answer applies) is used well, it could
actually save you a lot of further requests.
Note: some web proxies are already using HTTP to make requests about whether a
particular URL is bad. In web proxies time really does matter (delaying all web
pages by a second seriously affects perceived performance).
Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.
Asrg mailing list