----- Original Message -----
From: "wayne" <wayne(_at_)midwestcs(_dot_)com>
To: "SPF discussions" <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Saturday, February 21, 2004 9:49 AM
Subject: Re: [spf-discuss] DMP vs SPF
In <000901c3f875$224a69b0$6401a8c0(_at_)FAMILY> "Hector Santos"
<winserver(_dot_)support(_at_)winserver(_dot_)com> writes:
SPF itself has added atleast 1 to 3 seconds to the session time.
Does SPF add a constant 1-3 seconds, or does it vary widely with a 1-3
second average?
It depends on whether is a first time (new domain) lookup and whether the
domain exist or not. So far for today, I am seeing a near consistent +1 to
5 seconds lookup. As I noted to Meng, this could be our primary server
DNS setup issue with our uplink. But its been optimized a long time ago and
untouched. The behavior seems intermittent, so I am not sure. We will look
at it (DNS setup setup) again this week.
But even from my home DSL link using my BellSouth DNS servers, I am seeing
the same type of behavior with first time existing vs non-existing domain
delays. So I am not too sure this is a setup issue, but just a network DNS
delay issue with non-authoritive forwarding queries.
The in-addr subdomains are notorious for being poorly run. There
tends to be lots of addresses that timeout causing a >5 second delay.
(IIRC, there are RFCs that say that all IP addresses that are used
must have a valid in-addr pointer, but RFCs are often ignored.)
Worse, these name server failures are not cached like NXDOMAIN
failures are. So, on my system, every time I run "host 192.0.2.200",
it takes 25 seconds. The "host -t ptr 200.2.0.192.in-addr.arpa"
command is somewhat quicker, taking only 15 seconds to error out.
ahh, ok. Thanks for confirming this. I need to learn more about DNS
issues. I don't want to this become a support problem for us once we
release the new mail server with SPF support.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com