> I agree, so I propose a much larger change: Stop using DNS for this
> purpose. I don't think it's the right tool for the job.

Sigh. Yes, that's one of the bad ideas. Remember that part of the goal is to keep the traffic to and from the DNSBL/WL's servers under control.

> Any protocol that makes lookups in a huge address space efficient and
> efficiently-cacheable is going to leak much of the list information.
> So why not just distribute copies of the entire list in a format that
> permits efficient lookups and efficient synchronization (eg with
> rsync)?

If you're familiar with popular DNSBLs, this is not a new idea. Spamhaus, for example, provides low volume queries for free, medium volume queries for a charge, and rsync access for a higher charge. See:

http://www.spamhaustech.com/datafeed/index.lasso

Consider the amount of traffic involved in doing an rsync: set up a TCP session, do the key exchange to set up an SSH session, then start comparing pieces and checksums to figure out which parts of the files need to be transferred. That's a fair bit of traffic, particularly for a large zone file. The tradeoff point where it's cheaper than doing queries is quite high. If you've got a giant mail system, it makes sense, but if you have one or two MTAs, even fairly busy ones, it doesn't. Hence my goal to concoct something which allows efficient publication and caching via the DNS.

Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly