IETF Logo Mail Archive

Re: [Asrg] DNSBL and IPv6

"John Levine" <johnl@taugh.com> Sat, 20 October 2012 21:41 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADB3521F8471 for <asrg@ietfa.amsl.com>; Sat, 20 Oct 2012 14:41:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -111.714
X-Spam-Level:
X-Spam-Status: No, score=-111.714 tagged_above=-999 required=5 tests=[AWL=0.485, BAYES_00=-2.599, HABEAS_ACCREDITED_SOI=-4.3, RCVD_IN_BSP_TRUSTED=-4.3, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8Hy5V5NEdfA6 for <asrg@ietfa.amsl.com>; Sat, 20 Oct 2012 14:41:12 -0700 (PDT)
Received: from leila.iecc.com (leila6.iecc.com [IPv6:2001:470:1f07:1126:0:4c:6569:6c61]) by ietfa.amsl.com (Postfix) with ESMTP id 70E9621F846F for <asrg@irtf.org>; Sat, 20 Oct 2012 14:41:12 -0700 (PDT)
Received: (qmail 49447 invoked from network); 20 Oct 2012 21:41:10 -0000
Received: from leila.iecc.com (64.57.183.34) by mail1.iecc.com with QMQP; 20 Oct 2012 21:41:10 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:vbr-info; s=50831a76.xn--yuvv84g.k1208; i=johnl@user.iecc.com; bh=zPjfwscbmrmAA2N9SqbccHllpRHLI39eLTviOMG/uKg=; b=jM1J8yyxamvVljeD0nl0tL1ypD5pE1yPnSYTLsH0W3nTH+EKPk0W3XnK1PjCCntdXpGmJAyvZav20nYJIsdECcp1Tvgmqk4len6s4RFeEMpwUCj1ommMyrcYOWYgml2YSWQG1XM7kFaaVCjbXHPCkm/iK/G2ha/VPx7G9JMol14=
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:vbr-info; s=50831a76.xn--yuvv84g.k1208; olt=johnl@user.iecc.com; bh=zPjfwscbmrmAA2N9SqbccHllpRHLI39eLTviOMG/uKg=; b=IOsGpduCVrRdSi6b8ecy8Xk98vaF9YOypw8jSpM8YE+ZBuSUxr6GkULm2/B1EHFTIMVqt5qA6rqEbhvTrrBMVcwbaARpu+CqLm8dO1fchokMY+meA0ZKYdOAhDR6ebwxeQzfg3BpB68sWCWFB4OnLFLu9Pen0HqlLe58GBS2jqI=
VBR-Info: md=iecc.com; mc=all; mv=dwl.spamhaus.org
Date: 20 Oct 2012 21:40:48 -0000
Message-ID: <20121020214048.3105.qmail@joyce.lan>
From: "John Levine" <johnl@taugh.com>
To: asrg@irtf.org
In-Reply-To: <5C0A004C-1BAD-4103-85C2-B94B718F0367@blighty.com>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 7bit
Subject: Re: [Asrg] DNSBL and IPv6
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Oct 2012 21:41:13 -0000

>The only relevant difference between v4 and v6 DNS based blacklisting is
>that the ability to easily hop around *within* your /64 makes it
>possible (easy) to blow the cache of a traditional caching DNS resolver
>if you do naive "look up a record based on the IPv6 address".

That's always been our assumption, but there is at this point precious
little evidence that MTAs that query DNSBL through caches (as opposed
to those who have a local rsync mirror) have a cache hit rate much
greater than zero.  If in fact they don't, the same design, perhaps
with a little TTL tuning to give clients a hint about which ones are
worth caching, could work no worse than they do now for similar mail
volumes.

That's why I want to do the cache simulations, to figure out what's
going on now.  It shouldn't be terribly hard, and we have people
offering data.  Want to help?

R's,
John

v2.8.7 | Report a Bug | By Email