On Aug 11, 2004, at 10:32 AM, Martin Konold wrote:
On Wednesday, 11 August 2004 13:53, Bart Silverstrim wrote:
Hi Bart,
the idea does become popular, and clam and other programs out there start taking advantage of it
DNS was developed exactly for this kind of purpose.
Storing non-DNS related information for retrieval? As I understand the proposition (and the original lecture that this idea was based on), it was for hiding information in a very small records area of DNS for propagating information...I don't think the designers for DNS had spreading AV signatures (or files or other things that have been proposed, non-Clam related) in mind at the time. Also I was worried about the fact that DNS servers usually got traffic for updates from peers and client/server lookups, not spreading files...that would boost their hits and bandwidth.
...I don't know about all of you, but I didn't set up a DNS server on a system meant for constant hits from other sources querying it
Sorry, I don't want to sound impolite but please try to become familiar with how DNS
works in today's internet.
Prefacing it with not wanting to sound impolite still makes it sound impolite but that's okay :-)
I'm not a DNS expert by any means. It's been five years or so since I set up a bare Linux system as an authoritative DNS server; other setups I've made were all in-house caching servers. I'll make no claim to knowing how things work exactly or the pitfalls of trying this out, or the effect it would have on the servers.
But I *have* had enough experience to say that if I have these questions, chances are someone else on the lists has them too, vocalizing them or not...and they'll hopefully get an education from the answers I get as the result of my chiming in :-)
; it's just a little system that can handle the load of a small network and that's pretty much it :-)
Your little DNS server will only get queries from your very own clamav installation but not from _anyone_ else.
The proposal is just to have a few DNS servers, the authoritative ones, seeded with the info then? Others would just cache it? Duh. Makes sense.
And what about systems that restrict querying to certain IPs?
?? This makes no sense. If your system is able to do http using fqdn then
it is also able to use the DNS.
I think at the time I was thinking about DNS servers updating from peers, distributing the load of the records that are spread piecemeal.
Funny enough: The protocol ideas you are proposing are putting _more_ load on
the DNS(*) than the direct DNS idea.
(*) it is safe to assume that your protocol ideas don't use static ip numbers
but use DNS to do gethostbyname() resolving.
You would be correct; it would be the load made by any listserv though. Any spreading of an "email like" server's load would increase lookups (unless assisted by local caches heavily).
It's not necessarily the load on the server I think I was worrying about, per se...it's trying to shoehorn the protocol to do more than it was supposed to. It's probably a misunderstanding of the idea for spreading the information through DNS, but I would think that the DNS idea would hit a wall or block that would be imposed by the restrictions of DNS itself and the way it works, so a new mechanism would have to supplement it or some other clever hack. I would think that it would be better to start a propagation idea from scratch rather than a neat idea (I'm not trying to disregard it...heck, I'm probably missing something obvious and am worrying about a non-issue) for extending a protocol meant for task A being extended to also be able to do task B.
-Bart
_______________________________________________
Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users