On Tue, Aug 17, 2004 at 08:31:41AM -0400, Jeff Koch wrote:
> I question your statement that these DNSRBL can handle the load. Our
> mailservers are handling over 10K messages per hour - but to be
> conservative assume there are a million SA boxes checking 1.0K messages per
> hour. Is it reasonable to assume that each DNSRBL can handle a billion
> queries an hour?

We really need negative caching for DNS lookups. DNS TTLs are great for caching *successful* lookups - but failed lookups aren't cached. This is the problem with the RBL style. It has retro-fitted DNS to do a job it wasn't designed to do.

Another example of a product with the same issues is the Squid proxy server. They designed negative DNS caching into Squid to reduce the amount of network DNS calls Squid makes.

Has anyone looked into adding a DNS cache component into SA? You could cache both positive and negative lookups for (say) 5-10 minutes without really causing any bad side effects...

-- 
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
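The positive-and-negative cache described above, as an added example that is not from this thread or from SpamAssassin itself: a Python wrapper that memoises DNSBL verdicts for a configurable TTL, driven by a constructed fake resolver in place of real DNS. The names `CachingRblChecker`, `rbl_name` and `demo` are my own; the one refinement it adds is that timeouts and SERVFAILs are never cached, so a transient failure is retried rather than remembered as a verdict.

```python
from typing import Callable, Dict, Tuple

# Verdicts a DNSBL lookup can produce. LISTED (A record) and NOT_LISTED (NXDOMAIN)
# are cached; ERROR (timeout/SERVFAIL) is never cached, so a flaky list is retried.
LISTED, NOT_LISTED, ERROR = "listed", "not_listed", "error"

def rbl_name(ip: str, zone: str) -> str:
    """Reversed-octet query name a DNSBL expects, e.g. 192.0.2.1 -> 1.2.0.192.zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

class CachingRblChecker:
    """Memoises positive and negative DNSBL answers for `ttl` seconds."""
    def __init__(self, resolve: Callable[[str], str], ttl: float,
                 clock: Callable[[], float]) -> None:
        self.resolve, self.ttl, self.clock = resolve, ttl, clock
        self._cache: Dict[str, Tuple[str, float]] = {}  # name -> (verdict, expiry)
        self.backend_queries = 0  # how many lookups actually left this host

    def check(self, ip: str, zone: str) -> str:
        name = rbl_name(ip, zone)
        now = self.clock()
        hit = self._cache.get(name)
        if hit is not None and hit[1] > now:
            return hit[0]                   # served from cache, listed or not
        self.backend_queries += 1
        verdict = self.resolve(name)
        if verdict in (LISTED, NOT_LISTED):
            self._cache[name] = (verdict, now + self.ttl)
        else:
            self._cache.pop(name, None)     # drop stale entry; never cache errors
        return verdict

def demo() -> Dict[str, object]:
    """Constructed scenario (no real DNS): listed, erroring and clean hosts, 1000 mails each."""
    def fake_resolve(name: str) -> str:
        if name.startswith("1.2.0.192."):
            return LISTED
        if name.startswith("2.2.0.192."):
            return ERROR
        return NOT_LISTED
    now = [0.0]                                   # controllable clock
    checker = CachingRblChecker(fake_resolve, ttl=600.0, clock=lambda: now[0])
    verdicts = {}
    for _ in range(1000):
        for ip in ("192.0.2.1", "192.0.2.2", "192.0.2.3"):
            verdicts[ip] = checker.check(ip, "dnsbl.example")
    before = checker.backend_queries              # 2 cached hosts + 1000 retried errors
    now[0] = 601.0                                # past the TTL: cached entries expire
    checker.check("192.0.2.3", "dnsbl.example")
    return {"verdicts": verdicts, "queries_in_window": before,
            "queries_after_expiry": checker.backend_queries}
```

With a 10-minute TTL, 3000 checks against the two cacheable hosts cost two backend queries; only the host whose lookups fail keeps generating traffic, which is the trade-off between retrying and caching errors.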
