Re: [Asrg] rDNS and cache issues, was How will we manage IPv6 spam?
Matthias Leisi <matthias@leisi.net> Mon, 20 August 2012 10:07 UTC
Return-Path: <matthias@leisi.net>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
with ESMTP id 0D10121F84FD for <asrg@ietfa.amsl.com>;
Mon, 20 Aug 2012 03:07:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level:
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5
tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hS1ktZER939x for
<asrg@ietfa.amsl.com>; Mon, 20 Aug 2012 03:07:42 -0700 (PDT)
Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com
[209.85.214.182]) by ietfa.amsl.com (Postfix) with ESMTP id 4218421F8494 for
<asrg@irtf.org>; Mon, 20 Aug 2012 03:07:42 -0700 (PDT)
Received: by obbun3 with SMTP id un3so12693494obb.13 for <asrg@irtf.org>;
Mon, 20 Aug 2012 03:07:41 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=20120113;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to
:content-type:x-gm-message-state;
bh=9uaSiLdnlrpX+l3GqdAONYAqq31kSYpAiC6VkvTvY/E=;
b=G3+RK8DueNNotFHZoVWBx+qKyjqT4WAGdBA2lCgzuSODxXGvuYfl6h2yCp1nc//LlS
YZHOR/HAytqlkU71YEPqrS7k3e0+6Ymq3jlILDlk7wUMOhbX6A1j3ELKk2+mDWxdeXiU
KvU+rWGLP6kIuy1B5SWDEAYA8/KJ8qHWUKTdSvN1HuBrHC/88D6bJS1yYLoqpJfatNcT
gudAstmMwznqADwfrDTmnnELdnf/ZBG7oyIEdHFAQk3Kq/cT1ro7rGqvhtRvO3R+O3AF
X56vPvVq+nQ20RB4A70o5qL2d22QvzSR2PFFF6Ge0AiqWrVFffk3C9GB9TXRT+F6kvp/ f2cA==
Received: by 10.60.19.34 with SMTP id b2mr9826813oee.41.1345457261726;
Mon, 20 Aug 2012 03:07:41 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.76.86.41 with HTTP; Mon, 20 Aug 2012 03:07:21 -0700 (PDT)
In-Reply-To: <5031FE91.9000508@bofhland.org>
References: <20120819233836.95876.qmail@joyce.lan>
<5031FE91.9000508@bofhland.org>
From: Matthias Leisi <matthias@leisi.net>
Date: Mon, 20 Aug 2012 12:07:21 +0200
Message-ID: <CALgnk9oddhOwyuw085963t0CMA6oqEUt_WvuEMST1i5b+ffVLQ@mail.gmail.com>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Content-Type: text/plain; charset=ISO-8859-1
X-Gm-Message-State: ALoCoQkTTM1kqp1xQ8xn3T8CH3NF6gw7n1FH8ZzO3YVI46c0AA7ALBV9VYZC4WsQjNPaA58spPhc
Subject: Re: [Asrg] rDNS and cache issues, was How will we manage IPv6 spam?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>,
<mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>,
<mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Aug 2012 10:07:43 -0000
On Mon, Aug 20, 2012 at 11:08 AM, Emanuele Balla (aka Skull) <skull@bofhland.org> wrote: > Note anyway that we're only considering the case of positive DNS answers > (or listed entities), but I'd expect that most of the cache blowup > problem will be generated by NXDOMAINs, at list at first. > We have much less control on that... There may be slight differences if we consider the wider case of DNSxLs in general, ie including whitelists which may have different cache characteristics. At dnswl.org, we can generally live with TTLs in the order of magnitude of days (although we make them shorter so that we can remove/change entries reasonably fast). At present, we have ~180k IPs listed (IPv4, there are only a handful of IPv6 addresses which we do not yet publish due to the unclarity about how this should be done). There are potentially another 100k or so IPs which we do not list (yet) for various reasons (time to edit them, questionable source, ...). The data changes very slowly, most often somewhere between 50 and 250 changes per day (including score changes etc, not necessarily removed/added IPs); some exceptional days may have 1'000 or 2'000 changes. As long as operators of "legitimate" sending mail systems do not change the distribution/IP patterns of their mailservers dramatically in an IPv6 world (and there are few reasons why they should do so), there is little impact on DNS infrastructure (auth + cache). For the case of abusive behaviour (ie, spammer using vast pools of IP addresses, eg > 10^3 IP addresses, either snowshoe-like or in cannon style), DNS caches will only blow if receiving systems are "dumb", ie do not handle dDoS-like patterns appropriately. That's already an issue today, and will only be "somewhat worse" in an IPv6 world. -- Matthias
- [Asrg] How will we manage IPv6 spam? John R. Levine
- Re: [Asrg] How will we manage IPv6 spam? Daniel Feenberg
- Re: [Asrg] How will we manage IPv6 spam? Michael Thomas
- Re: [Asrg] How will we manage IPv6 spam? Daniel Feenberg
- Re: [Asrg] How will we manage IPv6 spam? Paul Smith
- Re: [Asrg] How will we manage IPv6 spam? Michael Thomas
- Re: [Asrg] How will we manage IPv6 spam? John Levine
- Re: [Asrg] How will we manage IPv6 spam? Daniel Feenberg
- Re: [Asrg] How will we manage IPv6 spam? Daniel Feenberg
- Re: [Asrg] How will we manage IPv6 spam? Paul Smith
- Re: [Asrg] How will we manage IPv6 spam? Emanuele Balla (aka Skull)
- Re: [Asrg] How will we manage IPv6 spam? SM
- Re: [Asrg] rDNS and cache issues, was How will we… John Levine
- Re: [Asrg] rDNS and cache issues, was How will we… Emanuele Balla (aka Skull)
- Re: [Asrg] rDNS and cache issues, was How will we… Matthias Leisi
- Re: [Asrg] rDNS and cache issues, was How will we… John Levine