On 26.11.2014 at 14:06, David F. Skoll wrote:
On Wed, 26 Nov 2014 07:53:20 +0100 Matthias Leisi <matth...@leisi.net> wrote:

Yes, such an approach might initially double the amount of queries and has an increased risk of not getting DNS responses, but on the other hand such "tree information" can be nicely cached with reasonably long TTLs, even for the fast-paced DNSBLs out there.

It's not worth the complexity. I ran an analysis quite a few years ago on the cache efficiency of DNSBLs and they're shockingly low. I collected all the IPs seen on a very busy mail server and calculated how many cache hits we'd get with Spamhaus lookups --- I believe Spamhaus has a TTL of 15 minutes. I'll have to dig up the exact numbers, but I recall something like a 90% cache *miss* rate. Commercial DNSBLs count on a low cache hit rate; otherwise they wouldn't be able to detect heavy users as easily.
The unbound stats on our inbound MX say the opposite:

cache-min-ttl: 300
cache-max-ttl: 3600

2014-11-25 23:05:27 [663:1] info: server stats for thread 1: 200732 queries, 101194 answers from cache, 99538 recursions, 2679 prefetch
2014-11-25 23:05:27 [663:3] info: server stats for thread 3: 115076 queries, 51667 answers from cache, 63409 recursions, 1060 prefetch
2014-11-25 23:05:27 [663:2] info: server stats for thread 2: 125836 queries, 59737 answers from cache, 66099 recursions, 1293 prefetch
2014-11-25 23:05:27 [663:0] info: server stats for thread 0: 112853 queries, 50909 answers from cache, 61944 recursions, 1132 prefetch
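To turn the four unbound "server stats" lines quoted in the reply above into the cache hit/miss figures the thread argues about, here is a small parser added as an example (not code from either poster). It assumes the stock unbound log line format shown above; note that these counters cover every query the resolver served, not only DNSBL lookups, so they are an upper bound on DNSBL cache efficiency rather than a direct measurement of it.

```python
import re
from typing import Dict, List

# The four "server stats" lines quoted from the unbound log in the reply above.
UNBOUND_STATS = """\
2014-11-25 23:05:27 [663:1] info: server stats for thread 1: 200732 queries, 101194 answers from cache, 99538 recursions, 2679 prefetch
2014-11-25 23:05:27 [663:3] info: server stats for thread 3: 115076 queries, 51667 answers from cache, 63409 recursions, 1060 prefetch
2014-11-25 23:05:27 [663:2] info: server stats for thread 2: 125836 queries, 59737 answers from cache, 66099 recursions, 1293 prefetch
2014-11-25 23:05:27 [663:0] info: server stats for thread 0: 112853 queries, 50909 answers from cache, 61944 recursions, 1132 prefetch
"""

# Matches the per-thread counters unbound prints at statistics-interval.
STATS_RE = re.compile(
    r"server stats for thread (?P<thread>\d+): (?P<queries>\d+) queries, "
    r"(?P<cache>\d+) answers from cache, (?P<recursions>\d+) recursions, "
    r"(?P<prefetch>\d+) prefetch"
)


def parse_stats(text: str) -> List[Dict[str, int]]:
    """Return one dict of counters per 'server stats' line; other log lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = STATS_RE.search(line)
        if m:
            rows.append({k: int(v) for k, v in m.groupdict().items()})
    return rows


def hit_rate(rows: List[Dict[str, int]]) -> float:
    """Aggregate cache-hit ratio across all threads (0.0 when there were no queries)."""
    queries = sum(r["queries"] for r in rows)
    return sum(r["cache"] for r in rows) / queries if queries else 0.0


def per_thread_hit_rates(rows: List[Dict[str, int]]) -> Dict[int, float]:
    """Cache-hit ratio keyed by unbound thread number (threads with zero queries omitted)."""
    return {r["thread"]: r["cache"] / r["queries"] for r in rows if r["queries"]}


if __name__ == "__main__":
    rows = parse_stats(UNBOUND_STATS)
    for thread, rate in sorted(per_thread_hit_rates(rows).items()):
        print(f"thread {thread}: {rate:.1%} answered from cache")
    overall = hit_rate(rows)
    print(f"overall: {overall:.1%} hit, {1 - overall:.1%} miss")
```

On the quoted figures this gives roughly a 47.5% hit rate (about 52.5% miss) across the four threads, against the ~90% miss rate recalled for the Spamhaus-only analysis.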