https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6048
--- Comment #25 from Dallas Engelken <[email protected]> 2009-01-22 11:58:46 PST ---
(In reply to comment #24)
> (In reply to comment #23)
> > Thanks for the technical explanation.
>
> > I'm okay with whatever SA wants to do. I don't think URIBL ACL policy
> > needs to change. With the public DNS infrastructure we have, I don't see
> > any other effective way to stem the abuse.
>
> Just an idea - unless I'm missing something - why don't you simply move the
> ACLs up a level instead to the uribl.com zone so that if you blacklist an IP
> then it prevents the IP address from being able to query the NS records for
> black/grey/red.uribl.com (e.g. the nameserver returns 'REFUSED'; although
> NXDOMAIN might work better for negative caching) granted you'll have to wait
> up to 24 hours before the host will actually be prevented from querying; but
> it would still do what you need it to. That way the traffic stops dead at
> Prolexic nameservers instead of the public mirrors and everyone's happy.
>

I've asked Prolexic this in the past and they say they can't do it as the ACLs
apply globally, and it would be static entries and a named reload anyhow, so no
way for us to manage or automate that flow. We would have to move our primary
nameservers off Prolexic into hardware we can manage ourselves, which we have
discussed doing.
