On Thu, 7 Jul 2011 11:50:44 +0200
Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
Negative caching can be effective or in this case even
ineffective too, can't it?
On 07.07.11 08:26, David F. Skoll wrote:
The point is that by definition, you can't have a per-IP negative-cache TTL.
We can have a per-IP positive cache and a per-zone negative cache. As you
mentioned earlier, Spamhaus uses a 15-30 min TTL. I found it uses a 900s
(=15m) positive TTL and a 150s (=2.5min) negative TTL.
And in the case of the same IPs repeating (which happens especially with
remote mailservers) the negative cache helps a lot.
In fact, I think that DNSBL operators should provide the same TTL for
both positive and negative answers, which can be even as big as 12-24h
for dynamic/policy block lists. It's always up to the clients' nameserver to
decide what it will cache and what not, mostly based on their usage.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759
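
The caching behaviour discussed in this message, as an added example that is not part of the original post: a toy caching resolver in which a listed IP is cached for its own record TTL while every unlisted IP is cached for the single negative TTL derived from the zone's SOA (RFC 2308). The zone name, SOA values, listing data and connection log are constructed; only the 900 s and 150 s figures come from the message.

```python
import ipaddress

ZONE = "dnsbl.example"            # hypothetical DNSBL zone
POSITIVE_TTL = 900                # TTL on a listed record (figure from the message)
SOA_TTL, SOA_MINIMUM = 150, 150   # constructed SOA values giving the 150 s negative TTL
LISTED = {"192.0.2.10"}           # constructed listing data

def dnsbl_name(ip, zone=ZONE):
    """Build the query name: 192.0.2.10 -> 10.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def authoritative(name):
    """Stand-in for the DNSBL server; returns (listed, ttl_seconds)."""
    ip = ".".join(reversed(name[: -len(ZONE) - 1].split(".")))
    if ip in LISTED:
        return True, POSITIVE_TTL            # TTL travels with the A record
    # NXDOMAIN: the TTL comes from the zone's SOA, so it is identical
    # for every unlisted name in the zone (no per-IP negative TTL).
    return False, min(SOA_TTL, SOA_MINIMUM)

class CachingResolver:
    def __init__(self):
        self.cache = {}      # query name -> (listed, expires_at)
        self.upstream = 0    # queries that had to go to the DNSBL

    def lookup(self, ip, now):
        name = dnsbl_name(ip)
        entry = self.cache.get(name)
        if entry and now < entry[1]:
            return entry[0]                  # served from cache
        self.upstream += 1
        listed, ttl = authoritative(name)
        self.cache[name] = (listed, now + ttl)
        return listed

def replay(events):
    """Run (time, ip) events through one resolver; return (results, upstream_count)."""
    resolver = CachingResolver()
    results = [resolver.lookup(ip, t) for t, ip in events]
    return results, resolver.upstream

# Constructed connection log: (seconds since start, connecting IP)
EVENTS = [(0, "198.51.100.7"), (0, "192.0.2.10"), (60, "198.51.100.7"),
          (120, "198.51.100.7"), (200, "198.51.100.7"), (600, "192.0.2.10"),
          (899, "192.0.2.10"), (900, "192.0.2.10")]

if __name__ == "__main__":
    print(replay(EVENTS))
```

With these events the unlisted sender is re-queried upstream once its 150 s negative entry expires, and the listed one only at the 900 s mark.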