On Dec 7, 2009, at 1:19 PM, Grayhat wrote:
>> Maybe. But maybe I am in a mailing list of ASSP which happens to
>> have a DNS section where you can add DNS servers.
>> And for that you can use the DNS Benchmark Utility we are discussing.
>> We have several thousands of ASSP installations, many of them have
>> problems with DNS speed. Very few will follow your advice how to speed
>> up DNS (not even me - I use public servers for more than 500000 mails
>> a day, our 3 local DNS are used for WEB). Many installations followed
>> my advice to use public servers and solved their problems. So, what
>> exactly is a not brainer here?

I have not seen anywhere stated to do more than "use openDNS". If
there was a faq that says to use openDNS, make sure you have an
account, make sure you add your IP, make sure you turn off all the
"helpful" features, then I would not have such an issue with it.
For what it is worth, you are relying half a million emails on a
service that you do not fully understand, aside from it is working
now. No one understands it, other than those who work there. They do
not run named/BIND, they wrote their own system entirely.
I sent them an email and finally got a reply...
From me to openDNS:

    Can I use your IP's on an email server? I do many lookups for DNS
    whitelist and blacklists, and want to use open DNS to lookup all email
    server requests for my email servers. I will not be using openDNS for
    http at all under these conditions, instead, exclusively for email
    servers.

    Is this allowed under the free account, or is there some paid account
    this is more appropriate for?

    Or, with the aggressive caching you do, would you advise against it,
    since DNS blacklist and white-list listings are all so short to live,
    that I may end up with many false positives?

Their less than stellar reply, but it points out the important part:

    Scott,

    Due to the way our service works we generally would advise against
    using OpenDNS on a mail server.

The reply was from a manager, not a front line support canned reply
type person, but I will leave names out since I feel that is unethical
without permission.
I am happy it works for you. At any moment, openDNS could see your
usage as abuse, and cut you off, or, worse, return a wild-card, for
which you have no idea where all your email is going to end up.
openDNS does not want your business, the majority of your queries
cannot be used for anything meaningful to them. They cannot get stats
on http based traffic, they cannot show ads to you over an email
connection. I know some of your use is http, but you stated most is
not.
> Oh fine, go on doing that, no problems on my side, if you can't
> understand WHY it's better then I'm not going to educate you
> about it, all in all it's your business, pity that a lot of clueless
> folks are following such recommendations and using external DNS
> resolvers instead of their own ones;
Well, from the horse's mouth above, if that is not enough to get people
to at least do a little research, those users are hopeless anyway :)
For those that still do not get it...
openDNS states: "we generally would advise against using OpenDNS on a
mail server"
> but luckily there are others
> (the most) which instead do understand how DNS works and
> why having local resolvers is a plus and do not follow your advice
> other than that, and as I said, do whatever you like; no problem
> on this side; sooner or later maybe you'll realize what I'm saying
I fail to see what is so bad about local caching of your own requests,
being in 100% control of your own data and network and how it works.
We are not talking about needing a lot of horsepower here at all. If
every email of the 500,000 needs a total of 5 lookups, which is
probably a huge overestimation, and all of them are not cached, also
not likely...
This 100.00 machine can do it:
$grep 16-Dec-2009 query.log.1 | wc -l
302762
$system_profiler
Hardware Overview:
Model Name: Power Mac G4
Model Identifier: PowerMac3,6
Processor Name: PowerPC G4 (3.3)
Processor Speed: 1.25 GHz
Number Of CPUs: 1
L2 Cache (per CPU): 256 KB
L3 Cache (per CPU): 1 MB
Memory: 2 GB
Bus Speed: 167 MHz
$uptime
23:53 up 62 days, 1:15, 2 users, load averages: 0.03 0.07 0.02
I also do a little mail, IMAP, http, and some other stuff on this
machine.
You can buy a machine like this on craigslist for $100.00 any day of
the week.
Sorry, but I agree with Grayhat on this one again, if anyone is still
reading, the only way you can be protected, is to be in control. For ~
$100.00 and a few days reading and research, you can be in control. I
am not sure I see any reason at all not to do your own DNS. If you
are Facebook, MySpace, or Twitter, you may want to outsource, that's a
cost proposition, but you pay for that, and get a phone number for a
rep who makes sure things work how you want, and you get an SLA along
with it. Free public DNS does not come with an SLA.
Thanks all, have a great weekend. Going to deploy an ASSP 2.0 machine
this weekend, see how it all goes, and will report back any issues, of
which I hope there are none.
--
Scott * If you contact me off list replace talklists@ with scott@ *
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
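
Added example, not part of the original thread: a sanity check a mail admin can run against whatever resolver the filter uses, covering the two failure modes raised above (wildcard answers for names that do not exist, and DNSBL lookups that silently stop working). The zone `dnsbl.example`, the function names and the three stand-in resolvers are constructed for illustration; the 127.0.0.2 / 127.0.0.1 test points are the ones RFC 5782 defines for DNS lists.

```python
import socket

def dnsbl_name(ip, zone):
    """DNSBL query name: reversed IPv4 octets prepended to the list zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def system_lookup(name):
    """A records via the host's configured resolver; [] means no such name."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_resolver(zone, lookup=system_lookup, bogus="nx-check.invalid"):
    """Return a list of findings; an empty list means the path looks sane."""
    findings = []
    # .invalid is a reserved TLD, so any answer means NXDOMAIN is rewritten.
    if lookup(bogus):
        findings.append("nxdomain-rewritten")
    # RFC 5782 test points: 127.0.0.2 must be listed, 127.0.0.1 must not be.
    listed = lookup(dnsbl_name("127.0.0.2", zone))
    if not listed:
        findings.append("test-entry-missing")
    elif any(not a.startswith("127.") for a in listed):
        findings.append("non-127-answer")
    if lookup(dnsbl_name("127.0.0.1", zone)):
        findings.append("everything-listed")
    return findings

# Constructed resolvers standing in for real ones (no network needed).
def honest(name):
    return ["127.0.0.2"] if name == "2.0.0.127.dnsbl.example" else []

def wildcard(name):
    return ["203.0.113.10"]   # answers every name with the same address

def refusing(name):
    return []                 # list operator or resolver drops the queries

if __name__ == "__main__":
    for label, fn in (("honest", honest), ("wildcard", wildcard), ("refusing", refusing)):
        print(label, check_resolver("dnsbl.example", lookup=fn))
```

Calling `check_resolver("<your list zone>")` with no `lookup` argument uses the host's configured resolver, so it can be run periodically from the mail server itself and alerted on when the result is non-empty.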