> On Thu, 7 Jul 2011 14:39:48 +0200
> Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
>> And in case of repeating the same IP's (which happens especially with
>> remote mailservers) the negative cache helps much.

On 07.07.11 09:09, David F. Skoll wrote:
> No, it does not.  I have run experiments on real mail servers.  I'm not
> just making this up.  If you like, I can send you my log analysis code
> so you can run the same experiments on your own mail servers.

Do you have memory for your nameserver limited or not? Does it only expire RR's when they time out?

What logs did you process? Do you log responses with information if they came out of cache?

>> In fact, I think that DNSBL's operators should provide the same TTL
>> for both positive and negative answers, that can be even as big as
>> 12-24h for dynamic/policy block lists.

> As I mentioned, it's not in their interests to do that (if they sell access
> to heavy users.)  Additionally, though I haven't experimented very extensively,
> my tests show that cache effectiveness is not very sensitive to TTL.  Real
> mail servers tend to be hit by a *lot* of different IP addresses, many of which
> don't repeat for hours (if ever).

Well, connections to our mailservers _do_ repeat, especially for servers like google, facebook or similar services. Of course, there ARE bots, zombies and drones from the internet that do not reconnect to our servers but there are many that do.

However I did not measure statistic effectiveness. OTOH, it's good when we have cached result for google servers and not for drones... :)

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
I don't have lysdexia. The Dog wouldn't allow that.
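
Added example, not part of the original messages and not either poster's log analysis code: a small replay that measures how often a DNSBL lookup would be answered from cache at different TTLs. It assumes a log of `epoch_seconds client_ip` lines (constructed here with documentation addresses), unlimited cache memory, expiry only on TTL, and one TTL for both positive and negative answers.

```python
# Added example: replay a connection log through a simulated DNSBL answer cache.
# Assumptions: unlimited cache memory, entries expire only when their TTL runs
# out, and positive and negative answers share the same TTL.

def parse_log(lines):
    """Parse 'epoch_seconds client_ip' lines into time-sorted (int, str) tuples."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, ip = line.split()
        events.append((int(ts), ip))
    return sorted(events)

def cache_stats(events, ttl):
    """Return (hits, misses) for DNSBL lookups keyed by client IP."""
    expires = {}  # ip -> time at which the cached answer stops being valid
    hits = misses = 0
    for ts, ip in events:
        if expires.get(ip, -1) > ts:
            hits += 1
        else:
            misses += 1
            expires[ip] = ts + ttl  # TTL runs from the upstream query, not last use
    return hits, misses

def build_sample_log():
    """Constructed data: one repeating relay plus 20 one-off clients over 2 hours."""
    lines = []
    for i in range(12):   # relay reconnects every 600 s
        lines.append(f"{i * 600} 192.0.2.10")
    for i in range(20):   # clients that are each seen exactly once
        lines.append(f"{i * 360 + 7} 198.51.100.{i + 1}")
    return lines

if __name__ == "__main__":
    events = parse_log(build_sample_log())
    for ttl in (300, 900, 3600, 86400):
        hits, misses = cache_stats(events, ttl)
        print(f"ttl={ttl:>6}s hits={hits:>2} misses={misses:>2} "
              f"hit_rate={hits / (hits + misses):.2f}")
```

To run it against a real server, replace `build_sample_log()` with lines extracted from the MTA's connection log in the same two-column form.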
