On 2014-01-28 11:28, Matus UHLAR - fantomas wrote:
> On 27.01.14 18:23, John Levine wrote:
>> A friend (really) asks this question: they have some DNSBLs, which get
>> a lot of queries. Sometimes the answer has A or TXT records, meaning
>> the corresponding address is listed in the DNSBL, sometimes it's
>> NXDOMAIN which means the address isn't.
>> For addresses that aren't listed, some of the NXDOMAINs are a lot less
>> likely to change than others, e.g., the address of an outbound mail
>> server at a large mail provider is unlikely ever to be listed, but a
>> random host at a hosting provider in India, who knows. So he'd like
>> to have the TTLs on some of those NXDOMAINs be longer than others, by
>> putting a different TTL in the SOA in the authority section.
> If you know those IPs, why do you check them for being listed at all?
John's question was from the point of view of the DNSBL operator. How
would a DNSBL operator stop users of that DNSBL from performing lookups
on certain IPs, and why would they bother?
> If any IP starts spamming, why give it a longer time to appear in the
> blacklists? I don't think this makes sense at all...
Because a lot of IPs simply are not candidates for listing at certain
types of DNSBL sites. "Too big to block" is a thing.
A more straightforward example: If your DNSBL is designed to only list
IPs that are running vulnerable web scripts *and* are not also
legitimate mail servers, then Google's outbound MX will *never* be
candidates for listing (regardless of how much they spew) and therefore
a very large TTL'd NXDOMAIN would be appropriate. Frankly, any
legitimate mail server would be a candidate for a large-TTL'd-NXDOMAIN
for this type of list, not just big players like Google.
If a DNSBL operator knows that certain IPs are not candidates for
listing (or at least not candidates for automated listing), why not let
DNS caches keep that information for as long as possible?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
Usenet is like a herd of performing elephants with diarrhea --
massive, difficult to redirect, awe-inspiring, entertaining, and a
source of mind-boggling amounts of shit when you least expect it.
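As an added illustration of the mechanism the thread is discussing (this is not code from the list or from any DNSBL operator), the toy model below shows both sides: the authoritative DNSBL choosing a per-IP negative-cache TTL for unlisted addresses by varying the SOA it puts in the authority section, and a resolver deriving the cache lifetime from that SOA as RFC 2308 section 5 specifies. The zone name, TTL values and the "never a candidate" prefix are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

ZONE = "dnsbl.example"   # constructed zone name
DEFAULT_NEG_TTL = 300    # constructed: 5 minutes for hosts whose status may change
LONG_NEG_TTL = 86400     # constructed: 1 day for hosts that are never candidates
# Constructed prefix standing in for "known legitimate mail servers".
NEVER_CANDIDATES = [ipaddress.ip_network("203.0.113.0/24")]

def query_name(ip):
    """Build the DNSBL lookup name: octets reversed, then the zone."""
    octets = str(ipaddress.ip_address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + ZONE + "."

@dataclass
class Response:
    rcode: str        # "NOERROR" (listed) or "NXDOMAIN" (not listed)
    soa_ttl: int      # TTL of the SOA RR placed in the authority section
    soa_minimum: int  # MINIMUM field of that SOA

def answer(ip, listed):
    """Authoritative side. Listed IPs get a positive answer; unlisted IPs get
    NXDOMAIN, with a longer SOA TTL/minimum for IPs that can never be
    automatically listed, so caches keep the negative verdict longer."""
    addr = ipaddress.ip_address(ip)
    if str(addr) in listed:
        return Response("NOERROR", 0, 0)
    never = any(addr in net for net in NEVER_CANDIDATES)
    ttl = LONG_NEG_TTL if never else DEFAULT_NEG_TTL
    return Response("NXDOMAIN", ttl, ttl)

def negative_cache_ttl(resp):
    """Resolver side, per RFC 2308 section 5: a negative answer is cached for
    the lesser of the SOA RR's own TTL and its MINIMUM field. Returns None
    for positive answers, which are cached by their record TTLs instead."""
    if resp.rcode != "NXDOMAIN":
        return None
    return min(resp.soa_ttl, resp.soa_minimum)
```

Note that the authoritative side only proposes a lifetime: a recursive resolver may clamp it (BIND's max-ncache-ttl option does this), so very large negative TTLs are an upper bound, not a guarantee.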
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users