Re: Re: DNS load research
2005-03-24 19:59:15
David MacQuigg wrote:
>>>> I propose that we add a mask modifier that looks like this:
>>>> -m=64/6 m=80.66/16 m=192/3
>>> Cool idea, but why do we need any more syntax? How is that different
>>> from:
>>> -ip4:64/6 -ip4:80.66/16 -ip4:192/3
>>> ?
>>> The SPF compiler would just put those shortcuts in the first record.
>> I think you misunderstood. The legit outgoing servers _are_ on those
>> nets, so you don't want to fail them with -. A way to exclude IP
>> ranges is needed.
> What is the advantage of excluding ranges to reduce the number of
> lookups, when we can eliminate *all* lookups by compiling the SPF
> record? I would just say: keep your SPF records very simple, well under
> the limit of 10 lookups, or use the compiler.
Because the records of the biggest mail servers (hotmail, ebay, probably
others who use a lot of ISPs for redundancy) expand to a compiled record
of more than 450 bytes (schlitt-00 draft), and then it has to be split
into two records or more.
Both of those two domains are among the most often forged. The TTL of
their SPF records is 1 hour each. So their DNS traffic is pretty heavy.
Generally, the bigger an uncompiled record is, the more likely it is
that the TTL of the compiled record will be lower due to some A
mechanism that has a low TTL.
So, given all these facts, a mask included in the top SPF record will
probably avoid the need to read the second (and remaining) records most
of the time. That implies a reduction in DNS traffic by half for these
large installations. I can only guess that their DNS traffic is already
huge. Half of huge would be a good chunk. The bigger the full record is,
the more significant the savings (you could save 2/3 or 4/5 or 5/6 of
the queries otherwise required to find out what the default result is
for a non-matching IP).
The mask would also help with the virus scenario, in that a (compiled)
SPF record spanning multiple TXT records (using includes/redirects)
would need to be fully expanded only a small proportion of the time
(which depends on how good the coverage of the mask is). Depending on
the max lookup limit, this means that most of the time you might have to
do 1 lookup instead of 4, 5, or 10 lookups. On a percentage basis,
that's a huge amount of DNS traffic avoided.
Radu.
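The lookup saving argued in this thread, as an added example that is not code from the thread or from any real SPF implementation. It is a toy SPF evaluator over a constructed in-memory zone: the proposed m= modifier (not standard SPF) is treated as an early-exit check, so a sender IP outside every mask gets the record's default result without fetching the included records, and the returned query count shows how many TXT fetches each evaluation cost. The zone names, the records in them and the exact m= semantics are assumptions made for the example.

```python
"""Toy SPF evaluator with the thread's proposed m= mask modifier.

Added example, not code from the thread or any SPF library. The m= modifier
is the proposal under discussion, not standard SPF syntax. DNS is simulated
with a dict of constructed records; none of these domains or records are real.
"""
import ipaddress

# Constructed zone: a large sender whose compiled policy is split across
# two included records, with masks in the top record covering the nets the
# legitimate servers live on.
ZONE = {
    "big.example": "v=spf1 m=64/6 m=80.66/16 m=192/3 "
                   "include:_a.big.example include:_b.big.example -all",
    "_a.big.example": "v=spf1 ip4:64.12.0.0/16 ip4:80.66.1.0/24 -all",
    "_b.big.example": "v=spf1 ip4:192.1.0.0/16 ip4:200.5.5.0/24 -all",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def expand_cidr(text):
    """Turn shorthand such as '80.66/16' or '64/6' into an ip_network.

    Missing trailing octets are filled with zeros, so '64/6' becomes
    64.0.0.0/6 (64.0.0.0 - 67.255.255.255).
    """
    prefix, _, bits = text.partition("/")
    octets = prefix.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + (bits or "32"), strict=False)


def split_term(term):
    """Separate an optional qualifier from a mechanism ('-all' -> ('-', 'all'))."""
    if term[0] in QUALIFIER_RESULT:
        return term[0], term[1:]
    return "+", term


def evaluate(domain, ip, zone=ZONE, use_mask=True):
    """Return (result, dns_queries) for sender ip checked against domain.

    Every TXT fetch counts as one query, including the first one, because the
    thread is about total DNS traffic rather than the 10-lookup limit.
    """
    ip = ipaddress.ip_address(ip)
    record = zone.get(domain)
    queries = 1
    if record is None:
        return "none", queries
    terms = record.split()[1:]  # drop the "v=spf1" version tag

    # Proposed mask check (assumed semantics): an IP outside every m= range
    # gets the record's default ("all" qualifier) with no further lookups.
    masks = [expand_cidr(t[2:]) for t in terms if t.startswith("m=")]
    default = "neutral"
    for term in terms:
        qualifier, mech = split_term(term)
        if mech == "all":
            default = QUALIFIER_RESULT[qualifier]
    if use_mask and masks and not any(ip in m for m in masks):
        return default, queries

    # Ordinary left-to-right mechanism evaluation for ip4, include and all.
    for term in terms:
        if term.startswith("m="):
            continue
        qualifier, mech = split_term(term)
        if mech == "all":
            return QUALIFIER_RESULT[qualifier], queries
        name, _, arg = mech.partition(":")
        if name == "ip4" and ip in expand_cidr(arg):
            return QUALIFIER_RESULT[qualifier], queries
        if name == "include":
            sub_result, sub_queries = evaluate(arg, ip, zone, use_mask)
            queries += sub_queries
            if sub_result == "pass":
                return QUALIFIER_RESULT[qualifier], queries
    return "neutral", queries


if __name__ == "__main__":
    for sender in ("10.0.0.1", "64.12.3.4", "66.1.1.1", "200.5.5.9"):
        print(sender, "mask:", evaluate("big.example", sender),
              "no mask:", evaluate("big.example", sender, use_mask=False))
```

For a forged sender such as 10.0.0.1, which lies outside all three masks, the masked record answers "fail" after the single top-level fetch, whereas the same policy without masks costs three fetches (top record plus both includes); a sender inside a mask still pays the full cost, which is the point Radu makes about the saving depending on how well the masks cover the legitimate nets.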