Re: [Asrg] DNSBL caches and IPv6, again
Matthias Leisi <matthias@leisi.net> Thu, 20 September 2012 05:11 UTC
Return-Path: <matthias@leisi.net>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
with ESMTP id 63CC321F8643 for <asrg@ietfa.amsl.com>;
Wed, 19 Sep 2012 22:11:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.377
X-Spam-Level:
X-Spam-Status: No, score=-2.377 tagged_above=-999 required=5
tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, J_CHICKENPOX_42=0.6,
RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ivbWSeqm+Scg for
<asrg@ietfa.amsl.com>; Wed, 19 Sep 2012 22:11:00 -0700 (PDT)
Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com
[209.85.214.182]) by ietfa.amsl.com (Postfix) with ESMTP id A21ED21F862B for
<asrg@irtf.org>; Wed, 19 Sep 2012 22:11:00 -0700 (PDT)
Received: by obbun3 with SMTP id un3so2239408obb.13 for <asrg@irtf.org>;
Wed, 19 Sep 2012 22:11:00 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=20120113;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to
:content-type:content-transfer-encoding:x-gm-message-state;
bh=EZGVDsZe+pQV3aVFSy75KnpSaxl9WoQqMw0sQqIEt/w=;
b=UAmTGavIyxwWy6MdzGmr1OZHfM3MSuQlgOIlfUaqeDN6QFkelgR6RIq9iCJ4vK2sOl
drgZOrT/AeN8kM/LNwu9KG6ZfZEwhMDEhmk5N0GNfiV8/+Amc/b2eCpaddNG5n6+YJIj
dp8ImLLydToM+wUURfvMJu7kdtYTKXnMWnVn4ti39jBTEQVaESmGCcgYORsy8p4pU8Zv
z87JfEkvU9jQ3KwCh2pLIXyAVhCeZUMEeWMYm5ULenrb4Jm866rZTiSTKmwCQs79WBv1
LRg9+Ej2A3fsbeRD7hMCzSLNcQ7g4bB0rQgtOiUGJuNopc5SjgUfu70SHQjKvZ2t1e9s ofxw==
Received: by 10.60.172.49 with SMTP id az17mr470163oec.44.1348117860033;
Wed, 19 Sep 2012 22:11:00 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.76.135.35 with HTTP; Wed, 19 Sep 2012 22:10:39 -0700 (PDT)
In-Reply-To: <20120919222708.79455.qmail@joyce.lan>
References: <505A3F38.4030805@hireahit.com>
<20120919222708.79455.qmail@joyce.lan>
From: Matthias Leisi <matthias@leisi.net>
Date: Thu, 20 Sep 2012 07:10:39 +0200
Message-ID: <CALgnk9rvTgck03PUc9fQXLMq0Vw8AW8qyjkZS89yz61hEDpRmQ@mail.gmail.com>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQk5E/tOcsbUN1ay4L7TMuuqUq9/Oj4x5CRK0Sn6vOdUNg0KRf+7Hgz0vcW2ZGRhtEo23tnc
Subject: Re: [Asrg] DNSBL caches and IPv6, again
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>,
<mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>,
<mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Sep 2012 05:11:01 -0000
On Thu, Sep 20, 2012 at 12:27 AM, John Levine <johnl@taugh.com> wrote: > So, anyone got server log [IP,timestamp] data they can share? I have [IP, # of queries] on a daily level from DNS query logs from dnswl.org, eg in a file named "2012-08-03.aggregate": | 178.63.223.135 1 | 219.255.134.101 4992 | 156.45.254.31 80 These are the numbers we see at the authoritative servers, ie after caching by (mostly "medium" in your terminology) local resolvers. We only collect about a third of the logs (we are only interested in relative numbers, so that is not an issue for our own purposes). Despite sanity checks, there are about 1% odd IPs, eg from those who forget that they should use reverse-nibble notation for the lookups, funny internal IP addressing schemes leaking out, DNSxLs trying to look up whole ranges etc). We also have data in the same format for the DNS server IPs that actually query our servers. We keep this data for about a month (the higher aggregated data, ie sender magnitudes, top query sources etc are kept in the DB for longer). <shameless plug>We do not yet collect data on IPv6. If you want to help us to change that, see http://www.dnswl.org/news/archives/26-Do-you-want-to-support-the-dnswl.org-project.html</shameless plug> -- Matthias
- [Asrg] DNSBL caches and IPv6, again John R. Levine
- Re: [Asrg] DNSBL caches and IPv6, again Dave Warren
- Re: [Asrg] DNSBL caches and IPv6, again John Levine
- Re: [Asrg] DNSBL caches and IPv6, again Chris Lewis
- Re: [Asrg] DNSBL caches and IPv6, again John Levine
- Re: [Asrg] DNSBL caches and IPv6, again Matthias Leisi
- Re: [Asrg] DNSBL caches and IPv6, again John Levine