On Thu, 7 Jul 2011 14:39:48 +0200 Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
> On 07.07.11 08:26, David F. Skoll wrote:
> >The point is that by definition, you can't have a per-IP
> >negative-cache TTL.
>
> We can have per-IP positive cache and per-zone negative cache.

That does not help.

> And in case of repeating the same IP's (which happens especially with
> remote mailservers) the negative cache helps much.

No, it does not. I have run experiments on real mail servers. I'm not
just making this up. If you like, I can send you my log analysis code
so you can run the same experiments on your own mail servers.

> In fact, I think that DNSBL's operators should provide the same TTL
> for both positive and negative answers, that can be even as big as
> 12-24h for dynamic/policy block lists.

As I mentioned, it's not in their interests to do that (if they sell
access to heavy users.)

Additionally, though I haven't experimented very extensively, my tests
show that cache effectiveness is not very sensitive to TTL. Real mail
servers tend to be hit by a *lot* of different IP addresses, many of
which don't repeat for hours (if ever).

Regards,

David.
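
An added example, not part of the message above and not the log analysis code its author mentions: a small Python simulation that replays (timestamp, IP) lookups through a resolver cache with separate positive and negative TTLs and counts cache hits. The log format, the `LISTED` set and the sample data are constructed assumptions and say nothing about real traffic.

```python
# Added example. Log format ("<seconds> <ip>"), the LISTED set and the
# sample data are constructed assumptions, not real mail-server traffic.
SAMPLE_LOG = """\
0 192.0.2.10
60 198.51.100.7
120 192.0.2.10
900 203.0.113.5
4000 192.0.2.10
5000 198.51.100.8
9000 203.0.113.5
50000 198.51.100.7
90000 192.0.2.11
"""
LISTED = {"192.0.2.10", "203.0.113.5"}  # IPs the DNSBL answers positively for


def parse_log(text):
    """Return time-ordered (timestamp, ip) tuples from '<seconds> <ip>' lines."""
    lookups = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2 or not fields[0].isdigit():
            continue  # skip blank or malformed lines
        lookups.append((int(fields[0]), fields[1]))
    return sorted(lookups)


def simulate(lookups, listed, pos_ttl, neg_ttl):
    """Replay lookups through a cache; return (hits, misses).

    A miss queries the DNSBL and caches the answer for pos_ttl seconds if
    the IP is listed, else for neg_ttl seconds (the per-zone negative TTL).
    Hits do not extend an entry's lifetime, as with a real resolver cache.
    """
    expires = {}  # ip -> time at which the cached answer stops being valid
    hits = misses = 0
    for ts, ip in lookups:
        if ip in expires and ts < expires[ip]:
            hits += 1
        else:
            misses += 1
            expires[ip] = ts + (pos_ttl if ip in listed else neg_ttl)
    return hits, misses


if __name__ == "__main__":
    lookups = parse_log(SAMPLE_LOG)
    for pos, neg in [(300, 300), (3600, 3600), (86400, 300), (86400, 86400)]:
        hits, misses = simulate(lookups, LISTED, pos, neg)
        print(f"pos={pos:>5}s neg={neg:>5}s hits={hits} misses={misses}")
```

The hit counts only become meaningful when the lookups are extracted from your own mail logs instead of the constructed sample.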