Re: [Asrg] DNSBL caches and IPv6, again
"John Levine" <johnl@taugh.com> Wed, 19 September 2012 22:27 UTC
Return-Path: <johnl@iecc.com>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
with ESMTP id 7C4E621E8044 for <asrg@ietfa.amsl.com>;
Wed, 19 Sep 2012 15:27:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -111.199
X-Spam-Level:
X-Spam-Status: No, score=-111.199 tagged_above=-999 required=5
tests=[BAYES_00=-2.599, HABEAS_ACCREDITED_SOI=-4.3, RCVD_IN_BSP_TRUSTED=-4.3,
USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fSp6vYRj2+Dd for
<asrg@ietfa.amsl.com>; Wed, 19 Sep 2012 15:27:40 -0700 (PDT)
Received: from leila.iecc.com (leila6.iecc.com
[IPv6:2001:470:1f07:1126:0:4c:6569:6c61]) by ietfa.amsl.com (Postfix) with
ESMTP id D2A8721E8048 for <asrg@irtf.org>;
Wed, 19 Sep 2012 15:27:32 -0700 (PDT)
Received: (qmail 33780 invoked from network); 19 Sep 2012 22:27:31 -0000
Received: from leila.iecc.com (64.57.183.34) by mail1.iecc.com with QMQP;
19 Sep 2012 22:27:31 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com;
h=date:message-id:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:vbr-info;
s=505a46d2.xn--i8sz2z.k1208; i=johnl@user.iecc.com;
bh=X/iJIHT2yA1Oief5i3ST3HtOX0+dA0aveWpzSy8uwNw=;
b=n+ocpfFX3F9rrjD9o6UgOvZNwjgs80PQQXmVM+BYZ+eC1L0MVYzqrYxRrrg1M12Vlu4lKb1fN3Zv2XR+v/g6TAZmlYb8OaGxsPDALrpv8J3qlvNyHxI6AmTxCU9NSbwhdTjzY7D2XesLt+IeYxuRmG8s3qiFgs7oBgk8/VYImQ0=
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com;
h=date:message-id:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:vbr-info;
s=505a46d2.xn--i8sz2z.k1208; olt=johnl@user.iecc.com;
bh=X/iJIHT2yA1Oief5i3ST3HtOX0+dA0aveWpzSy8uwNw=;
b=W5jXFhWNCwjhJ+ss6432QzHXYGoBG3KB/yxELMxju+d/zckISsTedCBU1FDGaXLq5F6K3+hYxFVTAVqGbcLgxZvNf+5Rkf6GQ9KsXvH1qJFhCwGDeDoimGlRK3rW2OzTsE0YKsfm9x0MAjkTs5pcosgXOdH77ewE76tizDBQCGc=
VBR-Info: md=iecc.com; mc=all; mv=dwl.spamhaus.org
Date: 19 Sep 2012 22:27:08 -0000
Message-ID: <20120919222708.79455.qmail@joyce.lan>
From: "John Levine" <johnl@taugh.com>
To: asrg@irtf.org
In-Reply-To: <505A3F38.4030805@hireahit.com>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 7bit
Subject: Re: [Asrg] DNSBL caches and IPv6, again
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>,
<mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>,
<mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Sep 2012 22:27:41 -0000
>Isn't the fear that with IPv6, spammers simply won't use the same >address twice, thereby causing cache meltdown on a scale that isn't >possible in today's IP-scarce IPv4 world? That is my concern, but it is not at all clear how well existing DNSBL queries cache. My current working hypothesis divides the mail world into three parts: Large: big mail systems get copies of the BLs out of band, e.g. by rsync, and run a local rbldnsd on the same LAN as the mail servers. Since a local rbldnsd can respond as fast as a cache, it uses a TTL of zero to effectively bypass the cache, no problem. Medium: mail systems query public BLs and use the local DNS cache. Cache may or may not help. Small: like medium, but so little traffic that cache entries all expire before being reused, so it doesn't matter. The concern is the medium systems. I have some hints, but nobody really knows how well their queries cache. If I had data I could try some experiments. Obvious things include varying TTLs to see how that affects cache behavior. Slightly less obvious things include the BL noting how many queries it gets for an address, and returning a longer TTL for heavily queried addresses. This would require a hacked server to vary the SOA TTL on negative answers, but we know how to do that. So, anyone got server log [IP,timestamp] data they can share? R's, John
- [Asrg] DNSBL caches and IPv6, again John R. Levine
- Re: [Asrg] DNSBL caches and IPv6, again Dave Warren
- Re: [Asrg] DNSBL caches and IPv6, again John Levine
- Re: [Asrg] DNSBL caches and IPv6, again Chris Lewis
- Re: [Asrg] DNSBL caches and IPv6, again John Levine
- Re: [Asrg] DNSBL caches and IPv6, again Matthias Leisi
- Re: [Asrg] DNSBL caches and IPv6, again John Levine