On Thu, 07 Jul 2011 15:31:47 +0200 Andrzej Adam Filip <andrzej.fi...@gmail.com> wrote:
> > The point is that by definition, you can't have a per-IP
> > negative-cache TTL.
> But it is possible to use a wildcard DNS record for "not listed",
> is not it? :-)

That would not work well at all... think about the ramifications. :)
Either the cached wildcard record would prevent you from querying IPs
you've never seen before (in which case the DNSBL would be useless) or
it would forward the specific query anyway (in which case it does
nothing to solve the problem).

Anyway, IMO, DNS should not be used for blacklist lookups over the
Internet. DNS was never designed for that; it just happens to
sort-of-work. DNSRBLs are frequently changing and are supposed to
provide up-to-the-minute information. DNS is a good protocol for
querying a local authoritative name server, but it's not good for
distributing large volumes of quickly-changing, required-to-be-fresh
data across the Internet.

(What's saving us is computing power and bandwidth. Modern name
servers can handle a huge number of queries without too much trouble,
so people never even noticed that caching wasn't buying them
anything.)

Regards,
David.
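As an added illustration of the point above (example code, not from this thread or from any DNSBL project), here is a toy resolver cache that stores answers under the exact query name, fed DNSBL-style queries: an NXDOMAIN cached for one reversed-IP name says nothing about the next IP, so a stream of never-seen addresses gets no cache hits however long the negative TTL is. The zone name, the listed address and the query streams are all constructed.

```python
import ipaddress

LISTED = {"192.0.2.7"}            # constructed sample blacklist
ZONE = "dnsbl.example"            # hypothetical DNSBL zone name

def dnsbl_name(ip, zone=ZONE):
    """1.2.3.4 -> 4.3.2.1.zone, the conventional DNSBL query name."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def upstream(name):
    """Stand-in for the authoritative server: 127.0.0.2 if listed, else NXDOMAIN (None)."""
    ip = ".".join(reversed(name[: -len(ZONE) - 1].split(".")))
    return "127.0.0.2" if ip in LISTED else None

class ResolverCache:
    """Caches each answer under its exact query name. NXDOMAIN is cached
    for neg_ttl (RFC 2308 style) and never covers any other name."""
    def __init__(self, pos_ttl=300, neg_ttl=300):
        self.pos_ttl, self.neg_ttl = pos_ttl, neg_ttl
        self.entries = {}   # name -> (expires_at, answer)
        self.hits = self.misses = 0

    def lookup(self, name, now):
        hit = self.entries.get(name)
        if hit is not None and hit[0] > now:
            self.hits += 1
            return hit[1]
        self.misses += 1
        answer = upstream(name)
        ttl = self.pos_ttl if answer is not None else self.neg_ttl
        self.entries[name] = (now + ttl, answer)
        return answer

def simulate(ips, neg_ttl=300, seconds_between=1):
    """Query the DNSBL once per IP in order; return (hits, misses, listed_count)."""
    cache = ResolverCache(neg_ttl=neg_ttl)
    listed = 0
    for i, ip in enumerate(ips):
        if cache.lookup(dnsbl_name(ip), now=i * seconds_between) is not None:
            listed += 1
    return cache.hits, cache.misses, listed

if __name__ == "__main__":
    fresh = [f"198.51.100.{i}" for i in range(1, 101)]     # 100 never-seen IPs
    print("distinct IPs:", simulate(fresh))                 # (0, 100, 0)
    repeat = ["192.0.2.7", "203.0.113.9"] * 50             # the same two IPs
    print("repeated IPs:", simulate(repeat))                # (98, 2, 50)
```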