On 04/03/2013 18:28, Martijn Grooten wrote:
> Emanuele Balla (aka Skull) wrote:
>> Straight to the point: abusive URLs on legit domains. There's no
>> (easy/effective) way to encode an entire URL in a DNS request.
>> At least, that's the reason why I've been thinking about this topic for the last
>> 4 years... :-\
> Can't you just use HTTP for that?
Well, HTTP seems a bit 'heavyweight' for this to me. That's one of the
advantages of DNS - it's UDP, so no packets to set up short-lived
sessions. (Other advantages, AFAICS, are distributed caching, and
I suppose you could keep a HTTP session open for a while, but, you'd
need a beefy server to handle the zillions of sessions you'd have to
have open at once. DNS doesn't have 'sessions' so you don't have this
OTOH, a disadvantage of DNS is that it's UDP, so you have to handle
retries etc. yourself.
So, if you're looking at something like this, you need to first of all
think UDP or TCP? UDP is easy & quick to have lots of packets flying
around, but you have extra work to handle retries, and some of the
benefit of UDP could be gained by just having long-lived sessions
between reputation source and reputation checker. But, this may cause
issues for servers and firewalls (could a typical server/firewall have
hundreds of thousands of active TCP sessions? A NAT firewall would die
quickly, but could a non-NAT firewall cope?)
If you decide UDP is the most efficient, then DNS is very attractive,
because you already have distributed caching 'built-in' to the Internet
infrastructure, but if we're willing to dump that capability, then I'm
fairly sure we could come up with something with the suitable
capabilities which would fit in a UDP packet size - once we can decide
what the 'suitable capabilities' are...
If TCP is the way to go, then the world is your oyster, but I'd be
concerned about speed and the server requirements. Anyone know how many
queries someone like Spamhaus gets an hour?
Paul Smith Computer Services
Asrg mailing list
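As an added illustration of the constraint Emanuele raises (not code from anyone in the thread), the following shows what actually stops a whole URL from riding in a DNS query name: the 63-octet label and 253-character name limits from RFC 1035. The zone name `uri.example.test`, the base32 encoding scheme and the digest-based fallback are all assumptions made for the example.

```python
import base64
import hashlib
from typing import List, Optional

MAX_LABEL = 63   # RFC 1035: a single label is at most 63 octets
MAX_NAME = 253   # presentation-form limit (255 octets on the wire with length bytes)

# Hypothetical reputation zone used for the example; not a real service.
ZONE = "uri.example.test"


def _to_labels(text: str) -> List[str]:
    """Chop an encoded string into DNS labels of at most MAX_LABEL octets."""
    return [text[i:i + MAX_LABEL] for i in range(0, len(text), MAX_LABEL)]


def url_as_dns_name(url: str, zone: str = ZONE) -> Optional[str]:
    """Encode the whole URL into a query name under zone.

    Base32 is used because DNS names are case-insensitive, so base64 would
    not survive a case-folding resolver. Returns None when the resulting name
    would exceed the protocol limit, which is the problem the thread describes.
    """
    encoded = base64.b32encode(url.encode("utf-8")).decode("ascii").rstrip("=").lower()
    name = ".".join(_to_labels(encoded) + [zone])
    return name if len(name) <= MAX_NAME else None


def max_url_bytes(zone: str = ZONE) -> int:
    """Largest URL (in bytes) that url_as_dns_name can fit under zone."""
    # Counting down is simple and exact given the label/dot arithmetic.
    for n in range(MAX_NAME, 0, -1):
        if url_as_dns_name("x" * n, zone) is not None:
            return n
    return 0


def url_hash_as_dns_name(url: str, zone: str = ZONE) -> str:
    """Fixed-size alternative: query a digest of the URL instead of the URL.

    Always fits, but only supports exact-match lookups of the normalised URL
    (no prefix or path-pattern matching), which is the trade-off involved.
    """
    digest = hashlib.sha256(url.encode("utf-8")).hexdigest()  # 64 hex chars
    return f"{digest[:32]}.{digest[32:]}.{zone}"
```

With the assumed 16-character zone, anything beyond about 145 bytes of URL no longer fits, and real abusive URLs on legitimate hosts are routinely longer than that.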