Thanks Ned, my question being now - why create a rule that can reduce the spam count when the provider decides to enforce such a policy; and start returning incorrect queries. Denied or not, it should NEVER return any value that would lower the spam count, if it cannot provide the correct answer to the query, it should send a null result; not some crap answer because they're systems cannot provide sufficient queries to the demand the public puts on their infrastructure.
Although I personally am not doing 100k look-ups, the DNS resolvers at the DC very well may. ... less than 0.1% are affected by this stricter enforcement ... I have setup bind to do name-caching and no longer doing forwarding. I will continue to examine longs and monitor the system. Thanks for those who took the time to reply w/ enough information, rather than smart comments; or vague 1 liners. -- Jeremy McSpadden Flux Labs, Inc On Oct 30, 2011, at 5:56 PM, Ned Slider wrote: On 30/10/11 20:45, Jeremy McSpadden wrote: Thanks for the help Benny. .. Anyone besides this guy have anything to say ? -- See here: http://www.dnswl.org/news/archives/24-Abusive-use-of-dnswl.org-infrastructure-enforcing-limits.html and also the thread on this list from the archives dated 17th Oct 2011 with subject: DNSWL.org enforcement of free usage limits. Benny is correct - using your providers DNS servers results in exceeding the limit at DNSWL which results in all queries hitting RCVD_IN_DNSWL_HI - that's generally how they get your attention. Now they have your attention, the solution if you want to continue using DNSWL is to deploy your own local DNS caching server assuming you can stay under the free usage terms, or buy a data feed, or disable the DNSWL rules in SA by scoring them at zero: score RCVD_IN_DNSWL_HI 0 score RCVD_IN_DNSWL_MED 0 score RCVD_IN_DNSWL_LOW 0 score RCVD_IN_DNSWL_NONE 0 all of which has previously been stated. Hope that helps.
