"David F. Skoll" <d...@roaringpenguin.com> wrote:
> On Mon, 04 Jul 2011 13:52:00 +0200
> Axb <axb.li...@gmail.com> wrote:
>
>> BLs generally adjust their negative TTL to get a practical balance
>> between query load and positive hits.
>> Gaming these settings can become a costly process.
>
> My experiments on real mail servers show that DNS caching is quite
> ineffective for DNSBLs (at least for typical ones like Spamhaus that
> use a short TTL on the order of 15-30 minutes).
>
> Results of my experiments are in these slides (PDF):
> http://ipv6summit.ca/index.php/v6/2011/paper/view/8/4
>
> Executive summary: On a very quiet mail server, assuming a 15-minute
> TTL, there was only a 50% cache hit rate on DNSBL lookups. On a
> fairly busy mail server, the cache hit rate fell to 22%.
>
> The problem, of course, is that most mail servers are hit by
> connections from all over the place... spammers have a lot of IP
> addresses to choose from, so you don't get much repetition within the
> TTL of a typical DNSBL. If you really need high-performance DNSBL
> lookups, you need to arrange for a zone transfer and run a local
> authoritative name server for the DNSBL.
Would you recommend redesigning (mainly) DUL/DUL+ DNSBL lists to improve
the DNS cache hit ratio?

-- 
[pl>en: Andrew] Andrzej Adam Filip : a...@onet.eu
The Second Law of Thermodynamics: If you think things are in a mess now,
just wait! -- Jim Warner
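The cache-hit figures quoted above come from real servers; the script below is an added example (not code from any poster in this thread) that reproduces the measurement on a constructed connection log so the effect of the TTL and of address diversity can be seen directly. It replays a list of inbound SMTP client addresses against a simulated resolver cache and reports the hit rate. The zone name `dnsbl.example`, the sample connections and the `prefix_len` knob are all assumptions: `prefix_len=32` is the ordinary reversed-octet lookup, while `prefix_len=24` models a hypothetical list keyed on the client's /24, purely to illustrate what "redesigning the list to improve the hit ratio" could mean, not how any existing DUL is published.

```python
"""Estimate how well a local resolver cache serves DNSBL lookups.

Added example for this thread; not code from any poster. It replays a
constructed list of inbound SMTP connections against a simulated cache
with a given record TTL and reports the hit rate, which is the figure
measured on real mail servers in the slides cited above.
"""
import ipaddress

# Constructed sample data: (seconds since start, connecting client IP).
# Modelled on the pattern described in the thread: one legitimate relay
# that reconnects repeatedly, and spam sources that spread across many
# addresses, some of them adjacent in the same /24.
SAMPLE_CONNECTIONS = [
    (0, "192.0.2.10"),
    (60, "198.51.100.5"),
    (120, "192.0.2.10"),
    (300, "203.0.113.7"),
    (600, "203.0.113.8"),
    (1000, "192.0.2.10"),
    (1200, "198.51.100.5"),
    (1300, "203.0.113.9"),
    (1400, "192.0.2.10"),
    (1500, "203.0.113.7"),
]

DNSBL_ZONE = "dnsbl.example"  # hypothetical zone name, not a real list


def dnsbl_query_name(ip, zone=DNSBL_ZONE, prefix_len=32):
    """Build the name a mail server queries for `ip` in `zone`.

    Standard DNSBL lookups reverse the four octets of the client address
    (prefix_len=32). A prefix_len of 24 models a hypothetical redesigned
    list keyed on the /24 instead, so that neighbouring addresses share one
    cached record; it illustrates the redesign question in the thread and
    is not how any existing list is published. Only whole-octet prefixes
    (8, 16, 24, 32) are handled here.
    """
    net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
    octets = str(net.network_address).split(".")
    kept = octets[: prefix_len // 8]      # whole octets covered by the prefix
    return ".".join(reversed(kept)) + "." + zone


def cache_hit_rate(connections, ttl, zone=DNSBL_ZONE, prefix_len=32):
    """Return the fraction of lookups answered from a resolver cache.

    The cache holds each query name until its TTL expires; a hit does not
    refresh the entry, matching how a caching resolver counts down the TTL
    it received rather than restarting it on every client query.
    """
    expiry = {}   # query name -> time at which the cached record expires
    hits = 0
    for ts, ip in connections:
        qname = dnsbl_query_name(ip, zone, prefix_len)
        if qname in expiry and ts < expiry[qname]:
            hits += 1
        else:
            expiry[qname] = ts + ttl   # miss: fetch from upstream and cache
    return hits / len(connections) if connections else 0.0


if __name__ == "__main__":
    for ttl in (900, 1800, 3600):
        print(f"TTL {ttl:5d}s  /32 lookups: "
              f"{cache_hit_rate(SAMPLE_CONNECTIONS, ttl):.0%}"
              f"  /24 lookups: "
              f"{cache_hit_rate(SAMPLE_CONNECTIONS, ttl, prefix_len=24):.0%}")
```

On the constructed sample a 15-minute TTL yields a 20% hit rate with ordinary per-address lookups, which is in the range the slides report for a busy server; raising the TTL to an hour or keying the lookup on the /24 both push it up, but only because the sample repeats addresses and networks. To measure your own server, replace `SAMPLE_CONNECTIONS` with timestamps and client addresses pulled from the MTA log.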