Re: RRL probably not useful for DNS IP blacklists,

2013-09-24 Thread Vernon Schryver
> From: Noel Butler > you clearly have a bias set-in-concrete mindset about rbldnsd, maybe you > and its author hate each others guts, I dunno, dont care, our decision > is based on real world live usages, tests, and experiences, for over ten > years of using rbldnsd and twenty with bind, so Ver

Re: RRL probably not useful for DNS IP blacklists,

2013-09-24 Thread Noel Butler
On Tue, 2013-09-24 at 13:40 +, Vernon Schryver wrote: > > From: Noel Butler > > > We used to run our int bl on bind, it was a resource hog compared to > > rbldnsd > > But there is no way in hell, I'd run rbldnsd on anything else other > > than a BL, > > > > IMO, they are both designed to do

Re: RRL probably not useful for DNS IP blacklists,

2013-09-24 Thread Vernon Schryver
> From: Noel Butler > We used to run our int bl on bind, it was a resource hog compared to > rbldnsd > But there is no way in hell, I'd run rbldnsd on anything else other > than a BL, > > IMO, they are both designed to do different things, and they both do > their own thing, much better than the

Re: RRL probably not useful for DNS IP blacklists,

2013-09-24 Thread Noel Butler
On Mon, 2013-09-23 at 19:21 +, Vernon Schryver wrote: > > > As a matter of interest, if one had a DNSBL with 5.5 million entries > > > (i.e. 5.5 million IPs): > > > > > > 1) What needs to be done to rewrite that to a BIND zone? > > > 2) What sort of machine would be required to load that zone

Re: RRL probably not useful for DNS IP blacklists,

2013-09-24 Thread Tony Finch
Vernon Schryver wrote: > > It's convenient that with binary zone files and the dynamic update > protocol, loading from text (or signing a whole zone) is not something > you need to do every hour on the hour. Right. Timings from named-checkzone give a rough idea of a worst-case cold start. I ran

Re: RRL probably not useful for DNS IP blacklists, was Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

2013-09-24 Thread Tony Finch
Simon Forster wrote: > > Excellent info. Thank you. What's the specs of the machine you're testing on? An old-ish Dell Optiplex 760, Core 2 Duo, 3.16 GHz, 4GB RAM. Tony. -- f.anthony.n.finchhttp://dotat.at/ Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough,

Re: RRL probably not useful for DNS IP blacklists,

2013-09-23 Thread Simon Forster
On 23 Sep 2013, at 20:21, Vernon Schryver wrote: >> From: Tony Finch > >>> As a matter of interest, if one had a DNSBL with 5.5 million entries >>> (i.e. 5.5 million IPs): >>> >>> 1) What needs to be done to rewrite that to a BIND zone? >>> 2) What sort of machine would be required to load th

Re: RRL probably not useful for DNS IP blacklists, was Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

2013-09-23 Thread Simon Forster
On 23 Sep 2013, at 19:24, Tony Finch wrote: > Simon Forster wrote: >> >> As a matter of interest, if one had a DNSBL with 5.5 million entries >> (i.e. 5.5 million IPs): >> >> 1) What needs to be done to rewrite that to a BIND zone? >> 2) What sort of machine would be required to load that zon

Re: RRL probably not useful for DNS IP blacklists,

2013-09-23 Thread Vernon Schryver
> From: Tony Finch > > As a matter of interest, if one had a DNSBL with 5.5 million entries > > (i.e. 5.5 million IPs): > > > > 1) What needs to be done to rewrite that to a BIND zone? > > 2) What sort of machine would be required to load that zone? > > 3) How long would it take to load into BIND
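The questions quoted above (how an IP blacklist is rewritten into a BIND zone, and what it takes to load it) are easier to reason about with the owner-name convention in front of you. The following is an added example, not code from the thread, from BIND or from rbldnsd: it turns a list of IPv4 addresses and CIDR blocks into the reversed-octet A records a DNSBL zone uses, renders them as a BIND zone file, and resolves lookups against them using the RFC 4592 wildcard rule, which is where mixing per-IP records with coarser wildcard blocks bites. The zone name `bl.example`, the `127.0.0.2` listing answer and the SOA/NS placeholders are assumptions.

```python
"""Added example: turn an IPv4 DNSBL (one IP or CIDR per line) into BIND
zone records, and resolve lookups against them with DNS wildcard rules.
bl.example, the 127.0.0.2 answer and the apex SOA/NS are assumptions."""
import ipaddress

LISTED = "127.0.0.2"  # conventional DNSBL "listed" answer (assumed here)


def rev_labels(ip):
    """'192.0.2.10' -> '10.2.0.192', the DNSBL owner-name convention."""
    return ".".join(reversed(ip.split(".")))


def blocklist_to_records(entries):
    """Map each entry to {owner_name: rdata}.  /8, /16 and /24 blocks become
    wildcard owners (*.x, *.y.x, *.z.y.x); any other prefix is split into
    the next octet-aligned size, so a /30 becomes four /32 records."""
    records = {}
    for line in entries:
        line = line.split("#", 1)[0].strip()  # allow comments and blanks
        if not line:
            continue
        net = ipaddress.ip_network(line, strict=False)
        if net.version != 4:
            raise ValueError("IPv4 only: %s" % line)
        target = next(p for p in (8, 16, 24, 32) if p >= net.prefixlen)
        keep = target // 8  # octets that identify a subnet of that size
        subs = [net] if target == net.prefixlen else net.subnets(new_prefix=target)
        for sub in subs:
            octets = str(sub.network_address).split(".")[:keep]
            owner = ".".join(reversed(octets))
            records[("*." + owner) if target < 32 else owner] = LISTED
    return records


def zone_text(origin, records, ttl=3600):
    """Render records as a BIND zone file; apex SOA/NS are placeholders."""
    origin = origin.rstrip(".")
    lines = [
        "$ORIGIN %s." % origin,
        "$TTL %d" % ttl,
        "@ IN SOA ns1.%s. hostmaster.%s. 1 3600 900 604800 %d" % (origin, origin, ttl),
        "@ IN NS ns1.%s." % origin,
    ]
    lines += ["%s IN A %s" % (owner, rdata) for owner, rdata in sorted(records.items())]
    return "\n".join(lines) + "\n"


def lookup(ip, records):
    """Answer a query for rev(ip) the way an authoritative server would
    (RFC 4592): exact owner first, otherwise only the wildcard directly
    under the closest encloser, i.e. the longest ancestor name that exists.
    Returns the A rdata, or None for NXDOMAIN/NODATA."""
    qname = rev_labels(ip)
    # Every owner name makes all of its ancestors exist as (possibly empty)
    # nodes.  Precompute this once for a real zone; rebuilt here for clarity.
    nodes = set()
    for owner in records:
        labels = owner.split(".")
        for i in range(1, len(labels) + 1):
            nodes.add(".".join(labels[-i:]))
    if qname in records:
        return records[qname]
    if qname in nodes:
        return None  # empty non-terminal: NODATA, no wildcard synthesis
    labels = qname.split(".")
    for i in range(len(labels) - 1, 0, -1):
        encloser = ".".join(labels[-i:])
        if encloser in nodes:  # closest encloser found; only its wildcard applies
            return records.get("*." + encloser)
    return records.get("*")  # closest encloser is the zone apex


if __name__ == "__main__":
    sample = ["192.0.2.10", "198.51.100.0/24", "203.0.113.0/30", "10.0.0.0/8"]
    recs = blocklist_to_records(sample)
    print(zone_text("bl.example", recs))
    print(lookup("198.51.100.77", recs), lookup("203.0.113.4", recs))
```

The caveat the `lookup` function exists to show: a /16 wildcard such as `*.0.192` plus a single /32 record `10.2.0.192` makes `2.0.192` an existing (empty) node, so queries for every other host in 192.0.2.0/24 stop at that closest encloser and get NXDOMAIN rather than the /16 wildcard. Either list the containing /24 explicitly or expand such blocks, and verify with the lookup function (or `dig` against a test server) before publishing. Writing `zone_text(...)` to a file and running `named-checkzone bl.example <file>` validates the output and, as the timings discussed later in the thread suggest, gives a rough idea of cold-load cost for a large list.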

Re: RRL probably not useful for DNS IP blacklists, was Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

2013-09-23 Thread Tony Finch
Simon Forster wrote: > > As a matter of interest, if one had a DNSBL with 5.5 million entries > (i.e. 5.5 million IPs): > > 1) What needs to be done to rewrite that to a BIND zone? > 2) What sort of machine would be required to load that zone? > 3) How long would it take to load into BIND? I did

Re: RRL probably not useful for DNS IP blacklists, was Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

2013-09-23 Thread Simon Forster
On 23 Sep 2013, at 15:59, Vernon Schryver wrote: >> From: Eliezer Croitoru > >>> Major DNSBL providers have years since limited anonymous clients for >>> business or other reasons. For example, I think Spamhaus limits >>> anonymous clients to fewer than 3 queries/second. > >> and I doubt the

Re: RRL probably not useful for DNS IP blacklists, was Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

2013-09-23 Thread Chris Buxton
On Sep 23, 2013, at 7:59 AM, Vernon Schryver wrote: > From: Eliezer Croitoru > >> I was looking for something like that but I am sure a dynamic DB is >> needed for the task right? > > Large DNSBLs are not very dynamic, because they have relatively few > changes per day. From another perspect

Re: RRL probably not useful for DNS IP blacklists, was Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

2013-09-23 Thread Vernon Schryver
> From: Eliezer Croitoru > > Major DNSBL providers have years since limited anonymous clients for > > business or other reasons. For example, I think Spamhaus limits > > anonymous clients to fewer than 3 queries/second. > and I doubt they use RRL in the application level.. > I assume they limi

Re: RRL probably not useful for DNS IP blacklists, was Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

2013-09-22 Thread Eliezer Croitoru
On 09/20/2013 05:12 PM, Vernon Schryver wrote: > The potential RRL problem is when you provide high volume DNSBL service > over the open Internet to DNS clients that are not authenticated. > However, that is unlikely to be a worry, because providing DNSBL > services over the open Internet is dubiou

Re: RRL probably not useful for DNS IP blacklists, was Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

2013-09-21 Thread Noel Butler
On Fri, 2013-09-20 at 14:12 +, Vernon Schryver wrote: > > From: Shane Kerr > > > With a 50% packet loss and 3 retries you'll have about 1 in 16 lookups > > fail, right? If you've got enough legitimate lookups going on to > > trigger RRL then you're going to get lots of failures. > > If 6% i

Re: RRL probably not useful for DNS IP blacklists, was Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

2013-09-20 Thread Vernon Schryver
> From: Shane Kerr > With a 50% packet loss and 3 retries you'll have about 1 in 16 lookups > fail, right? If you've got enough legitimate lookups going on to > trigger RRL then you're going to get lots of failures. If 6% is "lots", then yes. > One workaround for this is to set SLIP to 1. I kn

Re: RRL probably not useful for DNS IP blacklists, was Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

2013-09-20 Thread Noel Butler
Hi Shane, On Fri, 2013-09-20 at 11:38 +0200, Shane Kerr wrote: > Noel, > > On 2013-09-20 12:48:31 (Friday) > Noel Butler wrote: > > > On Fri, 2013-09-20 at 01:59 +, Vernon Schryver wrote: > > > > > plenty of delayed mail - hostname lookup failures (mostly because of > > > > URI/DNS BL's),

RRL probably not useful for DNS IP blacklists, was Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

2013-09-20 Thread Shane Kerr
Noel, On 2013-09-20 12:48:31 (Friday) Noel Butler wrote: > On Fri, 2013-09-20 at 01:59 +, Vernon Schryver wrote: > > > plenty of delayed mail - hostname lookup failures (mostly because of > > > URI/DNS BL's), so it certainly works as intended :) > > > > That sounds unrelated to RRL. Agai