James Craig Burley wrote:
So why in the world would you ever want every domain in your cache? How? That is the point you are missing. They will never have every domain in the world in the DNS. Besides that, I don't know about you, but I have a check before the SPF check that checks to see if the domain exists.

Glancing at the ORDB.org nameservers I fail to see how the SPF DNS usage can be so intense as to be a problem or a weak link.
Do they use IP addresses or domain names as keys?
The relays.ordb.org nameservers are relatively centralized (11 servers right now) and they are processing 1-2 million requests a minute (extrapolated from one logfile) without much trouble.
Impressive. But a sufficiently well-endowed server can keep an entire IPv4-based data base in RAM, correct?
How large do you think the entire SPF data base would be, for the entire Internet, in four to five years, assuming SPF is widely deployed?
Do you think it could fit into the RAM for any server in production at that time?
Now you are going to say that checking to see if a domain exists is still DNS. So again, please stop using DNS.
I've got a question for you: how many DSL DNS servers does BELLSOUTH have? DNS is used for far more than email. So if there were the kind of problems in DNS you talk about, wouldn't it be evident from a million people surfing the net? I mean, think about it. 2.5 million computers, all in the same time zone, all looking at websites. That is a big cache, right? So how do they do it?
Please just drop it. If you don't like it then don't use it. But you aren't going to win a disagreement that DNS doesn't work!
tmb
Do you believe the granularity of SPF information required to accommodate roaming users, users with multiple points of access to the Internet, and so on, might be a factor in making these assessments?
Even if SPF ends up much much more widely deployed than ORDB is, surely the design of it is much better aligned with the DNS system design.
SPF and ORDB share the fact that the key being looked up is based on information pertaining to *incoming* transmissions.
They don't share the ability for the external entity to generate arbitrary keys for lookup, since it's very difficult for a spammer to inject email from truly random IP addresses.
Further, ORDB is not sufficiently useful for "everyone" to use. Some sites don't care much how an email is routed to their hosts; they care more about what is in it, and where it originally came from.
Finally, ORDB does not (presumably) ever have to refer lookups to arbitrary external hosts when it does not have them in local cache, because ORDB *itself* is "authoritative" for the information it serves on any given host on the Internet.
On the other hand, SPF lookups that fail in local caches might require referral to systems that are either overloaded or unreachable, and spammers might be able to predict or plan this such that it can be exploited to their benefit.
In that sense, ORDB is not a distributed data base to nearly the extent SPF DNS information constitutes one; it is merely a locally cached centralized data base, and thus gives little guidance as to what to expect from DNS once SPF is widely deployed and employed.
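As an added illustration of the contrast Burley draws above (this is example code written for this page, not code from the thread, from ORDB or from the SPF project): a small Python script that derives the DNS query name for a DNSBL lookup and for an SPF lookup, then evaluates a few SPF records against an in-memory resolver so it runs offline. Only the zone name relays.ordb.org is taken from the thread; every domain name, TXT record and IP address below is constructed sample data, and slow.example is a made-up stand-in for a domain whose authoritative servers do not answer. The point it shows is the one about keys: the DNSBL name is built from the IP the SMTP connection actually arrived from, while the SPF name is whatever domain the remote client put in MAIL FROM, so the remote party decides which nameservers a cache miss sends the receiver to. The toy evaluator therefore caps the include: chain at 10 queries (the figure RFC 7208 later standardized for DNS-querying terms; a simplification here, since it counts every query) and reports an unreachable referral as temperror instead of stalling.

```python
"""Added example, not from the thread: how the DNS query name is derived for a
DNSBL lookup versus an SPF lookup, with a constructed in-memory resolver so it
runs offline. Domain names and records below are constructed sample data."""

import ipaddress

# Zone name taken from the thread; only the name is real, nothing is queried.
DNSBL_ZONE = "relays.ordb.org"


def dnsbl_query_name(client_ip: str, zone: str = DNSBL_ZONE) -> str:
    """DNSBL key: reversed octets of the *connecting* IP under the list zone.
    The remote party cannot choose this freely; it is the address the SMTP
    connection really came from, and the zone owner is authoritative for it."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")  # rejects junk
    return ".".join(reversed(octets)) + "." + zone


def spf_query_name(mail_from: str) -> str:
    """SPF key: the domain part of MAIL FROM, which the remote SMTP client
    supplies. Whoever controls that domain controls which nameservers the
    receiver is sent to when the record is not already cached."""
    _local, sep, domain = mail_from.rpartition("@")
    if not sep or not domain:
        raise ValueError("MAIL FROM has no domain part")
    return domain.lower().rstrip(".")


class Timeout(Exception):
    """Stands in for an authoritative server that never answers."""


# Constructed TXT records. slow.example models a referral to an unreachable
# server; spammer.example models an include: loop under the sender's control.
CONSTRUCTED_TXT = {
    "bigco.example": "v=spf1 ip4:192.0.2.0/24 include:slow.example -all",
    "smallco.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "spammer.example": "v=spf1 include:a.spammer.example -all",
    "a.spammer.example": "v=spf1 include:spammer.example -all",
}
UNREACHABLE = {"slow.example"}


def lookup_txt(name: str):
    """Offline stand-in for a TXT query: record string, None, or Timeout."""
    if name in UNREACHABLE:
        raise Timeout(name)
    return CONSTRUCTED_TXT.get(name)


class SpfError(Exception):
    def __init__(self, result: str):
        super().__init__(result)
        self.result = result


def check_spf(client_ip: str, mail_from: str, lookup=lookup_txt, limit: int = 10):
    """Toy SPF evaluator for ip4:, include: and all. Returns (result, queries).
    The query cap is modelled on the limit of 10 DNS-querying terms that
    RFC 7208 later standardized; without it a looping include: chain never
    terminates, and without a timeout an unreachable referral stalls SMTP."""
    ip = ipaddress.IPv4Address(client_ip)
    queries = 0
    outcome = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

    def evaluate(domain: str) -> str:
        nonlocal queries
        if queries >= limit:
            raise SpfError("permerror")         # runaway or looping includes
        queries += 1
        try:
            record = lookup(domain)
        except Timeout:
            raise SpfError("temperror")         # referral target unreachable
        if record is None:
            return "none"
        for term in record.split()[1:]:         # skip the "v=spf1" tag
            qualifier = "+"
            if term[0] in outcome:
                qualifier, term = term[0], term[1:]
            if term.startswith("ip4:"):
                matched = ip in ipaddress.IPv4Network(term[4:], strict=False)
            elif term.startswith("include:"):
                sub = evaluate(term[len("include:"):])
                if sub == "none":
                    raise SpfError("permerror")  # include: of a record-less domain
                matched = sub == "pass"
            elif term == "all":
                matched = True
            else:
                continue                        # a, mx, exists... not modelled
            if matched:
                return outcome[qualifier]
        return "neutral"

    try:
        return evaluate(spf_query_name(mail_from)), queries
    except SpfError as err:
        return err.result, queries


if __name__ == "__main__":
    print(dnsbl_query_name("203.0.113.5"))
    for ip, sender in [("192.0.2.7", "bob@bigco.example"),
                       ("198.51.100.9", "bob@bigco.example"),
                       ("198.51.100.9", "eve@spammer.example")]:
        print(ip, sender, check_spf(ip, sender))
```

Run stand-alone, it shows the two failure modes the thread worries about: bigco.example passes in one query when the ip4: term matches first, but a non-matching client reaches the include: of the unreachable domain and gets temperror after two queries, and the constructed spammer.example loop is cut off at the query cap with permerror instead of running indefinitely.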