Rob McEwen wrote:
Please understand, I'm only proposing this as an alternative idea for
checking to see if a sending server's IP address has proper rDNS... NOT any
other type of DNS lookups.
Also, I don't have stats on this, but I know that most mail is spam and I
know that MUCH of this spam has no rDNS properly configured.
If 9% of incoming mail is spam (at least it is on my mail systems), how
does that help? (It used to be >80% but Postfix+policyd has reduced it
to barely anything). Let's use an extreme case and say that 100% of that
9% does not have reverse dns records and are spam mails. What kind of
saving is there?
Furthermore, when rDNS is not properly configured and a subsequent lookup is
done on the same IP, I'm pretty sure that the negative (not found) lookup
isn't cached at all or at least not for long.
That's a good thing.
In my testing, that last lookup DOES find something... indicating that DNS
servers don't generally cache previously "not found" lookups... at least not
for long.
Again, that's a good thing.
rDNS on a spammer's IP which doesn't have rDNS configured involves a similar
situation. Therefore, I don't think DNS servers cache the negative results
of rDNS checks either at all or for very long. But, ironically, these types
of checks are more expensive than most lookups. I've found that DNS servers
often take longer to return a "not found" result when the IP address is from
some 3rd party network in Korea... in contrast to an "is-found" lookup from
a DNS server on your own network.
I do not see that in my tests.
Random hosts with reverse DNS:
[/]# time host 70.106.32.110
110.32.106.70.in-addr.arpa domain name pointer
pool-70-106-32-110.hag.east.verizon.net.
real 0m0.005s
user 0m0.001s
sys 0m0.003s
[/]# time host 213.93.30.26
26.30.93.213.in-addr.arpa domain name pointer e30026.upc-e.chello.nl.
real 0m0.005s
user 0m0.001s
sys 0m0.006s
Random hosts without reverse DNS:
[/]# time host 211.195.99.146
Host 146.99.195.211.in-addr.arpa not found: 3(NXDOMAIN)
real 0m0.005s
user 0m0.000s
sys 0m0.002s
[/]# time host 61.149.3.145
Host 145.3.149.61.in-addr.arpa not found: 3(NXDOMAIN)
real 0m0.004s
user 0m0.000s
sys 0m0.004s
Typically hosts without any rdns are faster to look up than hosts with
rdns records. From some poking around, it appears that negative rdns
lookups are cached for 10 minutes, up to a maximum of 3 hours:
Negative Caching of DNS Queries -> http://www.faqs.org/rfcs/rfc2308.html
Cami
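The negative-caching behaviour discussed in this message, as an added example that is not part of the original post: a small model of how a resolver following RFC 2308 decides how long to remember an NXDOMAIN for a PTR name. The SOA values are constructed, and the 3-hour cap is an assumed resolver setting taken from the figure quoted above.

```python
import ipaddress

# Assumed resolver-side ceiling on negative answers (the 3 hours cited above).
MAX_NCACHE_TTL = 3 * 3600


def ptr_name(ip):
    """Return the reverse-lookup name queried for an IP (in-addr.arpa / ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer


def negative_ttl(soa_ttl, soa_minimum, cap=MAX_NCACHE_TTL):
    """RFC 2308 section 5: negative TTL is min(SOA TTL, SOA MINIMUM), then capped."""
    return min(soa_ttl, soa_minimum, cap)


class NegativeCache:
    """Remembers NXDOMAIN answers for PTR names until their negative TTL expires."""

    def __init__(self):
        self._expiry = {}

    def store_nxdomain(self, ip, soa_ttl, soa_minimum, now):
        # The SOA in the authority section of the NXDOMAIN reply supplies both values.
        name = ptr_name(ip)
        self._expiry[name] = now + negative_ttl(soa_ttl, soa_minimum)
        return name

    def is_cached(self, ip, now):
        name = ptr_name(ip)
        expiry = self._expiry.get(name)
        if expiry is None:
            return False
        if now >= expiry:
            del self._expiry[name]  # expired: the next lookup goes upstream again
            return False
        return True


if __name__ == "__main__":
    cache = NegativeCache()
    # Constructed SOA values: TTL one day, MINIMUM 600 s gives a 10-minute negative TTL.
    name = cache.store_nxdomain("211.195.99.146", soa_ttl=86400, soa_minimum=600, now=0)
    for t in (5, 599, 600):
        print(name, "t=%ds" % t, "cached" if cache.is_cached("211.195.99.146", t) else "re-query")
```

A repeated connection from the same IP inside the negative TTL is answered from the cache, which is why a second lookup of a host with no rDNS costs no more than a cached positive one.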