On 08.02.2018 at 16:39, Reindl Harald wrote:
On 08.02.2018 at 16:34, Mukund Sivaraman wrote:
On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote:
Hello Harald,
On 2018-02-08 Reindl Harald hammered on the keys:
you miss the topic
many DNSBLs have a very short TTL and at the same time a limit of
queries from a single IP until you need to pay for the service
so if you have an inbound MX and the RBL has a 2 second TTL and a botnet
is trying to deliver spam to you, overriding the 2 second TTL with 90
seconds or whatever makes sense reduces the total amount of DNS
requests dramatically
Sounds logical.
And this feature was rejected by the Bind Developers?
If the RRset wants a TTL of N seconds, then that is the authoritative
instruction from the owner of the zone about how the data should be
used. We have to follow that. The RFCs so far do not allow increasing
TTL, though they allow decreasing it.
If a DNSBL zone has a TTL of 2 seconds, then talk to the zone owner
about why it is so. There ought to be a reason from their perspective
why it is set to 2s.
so what - nobody can force me to ask him the same question every 2
seconds, and as long as it's a local resolver for my own services, the one I
have to ask about any "why" in doubt is the person I face in the mirror
every morning
yes, you are free to decide that named doesn't need to support the user's
wish for such a feature. But the result is that the user stops using
named at all on an inbound mail server and is done
and BTW - I don't need to ask the zone owner because common sense has
the answer already: to have answers as real-time as possible and let as
few new listings as possible slip through
it's still my decision as mail admin if I need that accuracy
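As an added illustration of the trade-off argued over in this exchange (example code written for this page, not from the thread, from BIND or from any DNSBL operator), the following Python model shows a caching resolver with a configurable TTL floor in front of a DNSBL. The upstream zone, its 2-second TTL, the IP 203.0.113.7, the zone name dnsbl.example and the moment the address gets listed are all constructed. Running the same 300 seconds of one lookup per second with and without the floor shows both sides of the argument: far fewer upstream queries, but a new listing that is noticed up to one floor period later.

```python
"""Model of a DNSBL cache with a TTL floor (constructed example, not BIND code).

The upstream "zone" is a stub that always answers with a 2-second TTL and
flips the address from unlisted to listed at a chosen second. The cache
either obeys that TTL exactly (min_ttl=0, the behaviour the RFCs require)
or clamps it up to min_ttl, which is what the mail admin in the thread wants.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

UPSTREAM_TTL = 2  # constructed: TTL the stub DNSBL zone hands out


@dataclass
class Answer:
    listed: bool
    ttl: int


@dataclass
class TtlFloorCache:
    upstream: Callable[[str, int], Answer]   # (name, now) -> Answer
    min_ttl: int = 0                         # 0 = never raise the zone's TTL
    upstream_queries: int = 0
    _entries: Dict[str, Tuple[int, Answer]] = field(default_factory=dict)

    def effective_ttl(self, ttl: int) -> int:
        """Raise the TTL to the floor; never lower it below what the zone said."""
        return max(ttl, self.min_ttl)

    def lookup(self, name: str, now: int) -> bool:
        """Return the listing state, serving from cache while the entry is fresh."""
        entry = self._entries.get(name)
        if entry is not None and now < entry[0]:
            return entry[1].listed
        answer = self.upstream(name, now)
        self.upstream_queries += 1
        self._entries[name] = (now + self.effective_ttl(answer.ttl), answer)
        return answer.listed


def dnsbl_name(ip: str, zone: str = "dnsbl.example") -> str:
    """Reverse the IPv4 octets under the DNSBL zone, as DNSBL clients do."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def simulate(min_ttl: int, duration: int = 300, listed_at: int = 100,
             ip: str = "203.0.113.7") -> Tuple[int, Optional[int]]:
    """One lookup per second for `duration` seconds for a single sending host.

    Returns (upstream queries sent, first second at which the cache reported
    the host as listed). The host becomes listed upstream at `listed_at`.
    """
    def upstream(name: str, now: int) -> Answer:
        # constructed stub zone: unlisted before listed_at, listed afterwards
        return Answer(listed=now >= listed_at, ttl=UPSTREAM_TTL)

    cache = TtlFloorCache(upstream=upstream, min_ttl=min_ttl)
    name = dnsbl_name(ip)
    first_seen = None
    for second in range(duration):
        if cache.lookup(name, second) and first_seen is None:
            first_seen = second
    return cache.upstream_queries, first_seen


if __name__ == "__main__":
    for floor in (0, 90):
        queries, seen = simulate(floor)
        print(f"min_ttl={floor:>2}s: {queries:>3} upstream queries, "
              f"listing first seen at t={seen}s")
```

With the zone's own 2-second TTL the cache asks upstream 150 times in five minutes and sees the listing the moment it appears; with a 90-second floor it asks four times but reports the host as clean for a further 80 seconds after the listing, which is exactly the accuracy the admin says is his to trade away and the zone owner's 2s TTL is trying to protect.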
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users