ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: The Computational Load of MARID

2004-05-14 16:23:41
from [Hallam-Baker, Phillip] [Permanent Link] 



Agreed.  Per-IP-based queries don't leverage DNS caching 
nearly as well.


We need to define a set of IP addresses.

I see the following issues:
        * Compactness of the representation
        * Number of round trips required to retreive
        * Administrative complexity
        * Compatibility with dynamic dns updates
        * Cache and distribution compatibility

I don't find the Ipv6 arguments very persuasive, at most they say that we
need to be able to deal with address ranges. I don't think that anyone is
going to operate mail service from 1000 IP addresses that are all in
separate blocks. 

I am not in any case going to lose any sleep over whether IPv6 
support might cause records to go over 500 bytes. In the first place
I don't think anyone is going to be running IPv6 without EDNS.
I'll not mention the second obvious reason not to worry.


I think that there is a solid case for static IP address ranges.
The complexity of ranges over a static value is negligible.

I think that there is also a solid argument for at least as much
management flexibility as we have for MX records. Static address
records will be much harder to manage because sysadmins will have
to make sure they update their outgoing mail servers in more than
one place.

I am unconvinced by the claim that MX processing (or for that 
matter any DNS name translation) has an unacceptable load. The
sender does this already, if it is a real issue then we can 
place a limit on the number of recursive lookups. I don't know
that you would need more than one lookup.

Question - should we allow for ranges with a name lookup,
ie class-c.hotmail.com/24  ?

Point is that hotmail can easily have a thousand machines
at work. I do not believe they are likely to have more than 
ten separate address ranges...


The DMP, reverse IP address style lookup has the nice property
of allowing any IP address to be verified in 2 round trips.
It also works for dynamic DNS type configurations and does
not have any issue with address size. The big problem is that
it requires separate admin of the IP address space.

This separate admin issue is pretty easy to deal with if you
have the right tools. It is probably a legit point of view that
people should put intelligence into DNS servers rather than 
require multiple round trip queries.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Don't get MARID confused with anti-spam proposals (was: The C omputational Load of MARID), Hallam-Baker, Phillip
Next by Date:  Draft submitted for Client Address Authorization., Douglas Otis
Previous by Thread:  RE: The Computational Load of MARID, Harry Katz
Next by Thread:  IPv6/MARID, Arnt Gulbrandsen
Indexes:  [Date] [Thread] [Top] [All Lists]