On 8 Jan 2019, at 15:58, Grant Taylor via mailop wrote:

On 01/08/2019 01:49 PM, John R Levine wrote:
(I) don't see it as very useful.

Fair.

I'm of the opinion that an RBL is not difficult to set up. To me the difficult thing is sourcing data to put in it.

No, the difficult part of running a DNSBL is handling the query load.

I run a private DNSBL whose base zone has only ever appeared in 5xx replies and well over a decade ago on some now-defunct technical discussion lists more obscure than this one and on one web page on my ultra-low-traffic website. It has never provided public service, thanks to BIND views.

A handful of resolving entities attempt hundreds of thousands of queries against that zone most days. They have never received useful responses. Many now receive NO responses, because one IP4 broker (apparently...) has taken to using AWS instances to send scores of thousands of queries regarding a single entirely unrouted /20 in parallel every day between 2100Z and 2110Z. Each IP is queried against the DNSBL from multiple AWS zones all at once. Until I started automatically dropping Amazon /24s into a "no DNS for you" IP set on my external router, my authoritative DNS server was basically useless for 5-10 minutes almost every day. When they ask my secondary because I don't respond, they get no answers and a referral to '.' as the NS for the DNSBL zone.

That's what a few morons do to an entirely private never-useful DNSBL.


I do also want to be sure that if such is done, there is some sanity around it.

Can I ask for a straw poll for people that would find some value in such a BL?



--
Grant. . . .
unix || die

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
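
The reply above mentions automatically dropping abusive source /24s into a blocking IP set; as an added example (not the poster's code), this sketch shows the detection half by scanning query-log lines for /24s that flood one zone. The log line shape, the zone name `dnsbl.example`, the threshold values and the function name are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from ipaddress import ip_network

# Assumed log shape (constructed, loosely modelled on BIND query logging):
# "08-Jan-2019 21:00:01.000 client 198.51.100.7#40001: query: 1.0.0.10.dnsbl.example IN A"
LINE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ client "
    r"(?P<ip>\d+\.\d+\.\d+\.\d+)#\d+.*?query: (?P<qname>\S+) IN "
)

def flooding_prefixes(lines, zone, window_s=60, threshold=5):
    """Return the IPv4 /24s that sent more than `threshold` queries for names
    under `zone` within any `window_s`-second sliding window."""
    suffix = "." + zone.lower().rstrip(".")
    recent = defaultdict(deque)  # /24 -> query timestamps still inside the window
    flagged = set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a query line we understand
        if not m["qname"].lower().rstrip(".").endswith(suffix):
            continue  # query for some other zone
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        # Aggregate per /24 so queries spread across many hosts still add up.
        net = ip_network(m["ip"] + "/24", strict=False)
        q = recent[net]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > threshold:
            flagged.add(net)
    return [str(n) for n in sorted(flagged)]

# Constructed sample: a burst spread over one /24, a slow single client,
# and a burst against an unrelated zone.
SAMPLE = (
    [f"08-Jan-2019 21:00:{s:02d}.000 client 198.51.100.{10 + s}#4000{s}: "
     f"query: {s}.0.0.10.dnsbl.example IN A" for s in range(8)]
    + [f"08-Jan-2019 21:0{m}:00.000 client 203.0.113.5#5000{m}: "
       f"query: 1.0.0.10.dnsbl.example IN A" for m in range(1, 9)]
    + [f"08-Jan-2019 21:00:{s:02d}.500 client 192.0.2.9#6000{s}: "
       f"query: www.other.example IN A" for s in range(8)]
)

if __name__ == "__main__":
    print(flooding_prefixes(SAMPLE, "dnsbl.example"))
```

The returned prefixes are candidates only; feeding them to a firewall set, and expiring them again, is left to whatever the router provides.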

