On Sun, Mar 28, 2010 at 04:32:48PM +1100, Daniel Pittman wrote:
> Oh, cool. Someone talked DJB into relicensing dnscache so that it can be
> distributed patched, rather than requiring the original. That must make life
> better for folks like you who want to use it.

DJB made it Public Domain AFAIK, so I made a git repo from it and added
some of the published patches as well as my own work.

> Way back when a 256/64 kbit ADSL connection was fast and expensive, a couple
> of places I supported used software that incorporated dnscache, and had the
> ability to use DNS RBLs for inbound email.
>
> So, it turns out that dnscache had a fixed ten second timeout for a response
> from the upstream DNS server. If it receives a reply outside that window it
> will reject the reply; it also resends queries if they time out.

Yes, that's really nasty, but that's the exact problem I fixed recently
(i.e. about 6 months ago). The fix is that although dnscache is resending,
it should still accept late replies from the original requests it sent.

> Apparently, though, if you manage to list enough RBLs you can get in a
> situation where dnscache is sending requests, which all time out because the
> link RTT is more than ten seconds -- just from the load of sending
> retransmitted queries.

Performance starts to degrade as soon as the average request latency
exceeds 1 second. See http://www.nick-andrew.net/
actually it is my most recent news item (I don't update it all that often).

> Anyway, these days that is unlikely to be a problem: either the code will be
> patched to play nice, or the increase in bandwidth makes the odds of breaking
> pretty slim.

Negative unfortunately; I discovered this problem on a modern day Mobile
Broadband link ... three.com.au, to name the guilty party.

Nick.
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
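
Added example, not part of the original message and not dnscache's code: a small model of the two reply-acceptance policies discussed in the thread, run against a link whose round-trip time exceeds the per-attempt timeout. The class and function names, the retry budget of four attempts and the round-trip values are assumptions made for illustration.

```python
import random
from dataclasses import dataclass, field

TIMEOUT = 10.0     # per-attempt timeout quoted in the thread
MAX_ATTEMPTS = 4   # assumed retry budget for this model

@dataclass
class PendingQuery:
    accept_late: bool                              # False: only the newest attempt counts
    attempts: dict = field(default_factory=dict)   # txid -> deadline of that attempt
    current: int = -1                              # txid of the most recent attempt

    def send(self, now, rng):
        txid = rng.randrange(1 << 16)
        while txid in self.attempts:               # keep IDs distinct per attempt
            txid = rng.randrange(1 << 16)
        self.attempts[txid] = now + TIMEOUT
        self.current = txid
        return txid

    def accepts(self, now, txid):
        if txid not in self.attempts:
            return False                           # never sent by us: always rejected
        if self.accept_late:
            return True                            # reply to any attempt of a live query
        return txid == self.current and now <= self.attempts[txid]

def simulate(rtt, accept_late, seed=1):
    """Return (time the answer was accepted or None, queries sent)."""
    rng = random.Random(seed)                      # model only; not a secure ID source
    q = PendingQuery(accept_late)
    arrivals = []                                  # (arrival time, txid) of replies
    for n in range(MAX_ATTEMPTS + 1):
        now = n * TIMEOUT                          # retransmit tick; the last one gives up
        for at, txid in arrivals:
            if at <= now and q.accepts(at, txid):
                return at, len(q.attempts)
        if n < MAX_ATTEMPTS:
            arrivals.append((now + rtt, q.send(now, rng)))
    return None, len(q.attempts)

if __name__ == "__main__":
    for rtt in (3.0, 12.0):                        # constructed link round-trip times
        print(rtt, "strict:", simulate(rtt, False), "late ok:", simulate(rtt, True))
```

With a 12 second round trip the strict policy sends all four queries and accepts none of the answers, while accepting late replies resolves on the first answer after two queries. Every attempt's ID stays valid until the query is finished, so the ID match has to remain exact.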