-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jason Haar writes:
> On Tue, Aug 17, 2004 at 08:31:41AM -0400, Jeff Koch wrote:
> > I question your statement that these DNSRBL can handle the load. Our
> > mailservers are handling over 10K messages per hour - but to be
> > conservative assume there are a million SA boxes checking 1.0K messages per
> > hour. Is it reasonable to assume that each DNSRBL can handle a billion
> > queries an hour?
>
> We really need negative caching for DNS lookups. DNS TTLs are great for
> caching *successful* lookups - but failed lookups aren't cached.
>
> This is the problem with the RBL style. It has retro-fitted DNS to do a job
> it wasn't designed to do. Another example of a product with the same issues
> is the Squid proxy server. They designed negative DNS caching into Squid to
> reduce the amount of network DNS calls Squid makes.
>
> Has anyone looked into adding a DNS cache component into SA? You could cache
> both positive and negative lookups for (say) 5-10 minutes without really
> causing any bad side effects...

We were considering it, since it'd be doable now that we prefork and keep
a spamd process running for a few hundred messages. However, the other
devs were pretty sure that a local caching "named" process would probably
do the trick nicely enough. (me, I'm not quite convinced ;)

So a local caching named won't cache negative lookups? That *could*
be quite an improvement if that's the case...

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFBJAVHQTcbUG5Y7woRAvkDAKDvwmXuClTigClrGYCP04DP7cFNYwCePXnP
Ne3UUyuQxArmYJ4D+AMa+is=
=k9To
-----END PGP SIGNATURE-----
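
An added example, not part of the original message or of SpamAssassin's code: a small in-process cache of the kind asked about above, holding both positive and negative DNSBL answers for a fixed time. The resolver callback, the `dnsbl.example` zone, the TTL values and the sample addresses are assumptions constructed for illustration.

```python
import time

class NXDomain(Exception):
    """Raised by the resolver when the name does not exist (IP not listed)."""

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

class DnsblCache:
    """Caches listed (positive) and not-listed (negative) answers separately."""

    def __init__(self, resolver, pos_ttl=600, neg_ttl=300, clock=time.monotonic):
        self.resolver = resolver          # hypothetical callable: name -> answer
        self.pos_ttl, self.neg_ttl = pos_ttl, neg_ttl
        self.clock = clock
        self.entries = {}                 # name -> (expires_at, answer or None)
        self.upstream_queries = 0

    def lookup(self, ip, zone):
        name = dnsbl_name(ip, zone)
        now = self.clock()
        hit = self.entries.get(name)
        if hit and hit[0] > now:
            return hit[1]                 # served from cache, no DNS traffic
        self.upstream_queries += 1
        try:
            answer, ttl = self.resolver(name), self.pos_ttl
        except NXDomain:
            answer, ttl = None, self.neg_ttl   # remember "not listed" as well
        # Timeouts and other resolver errors propagate uncached, so an
        # unreachable DNSBL is never recorded as "not listed".
        self.entries[name] = (now + ttl, answer)
        return answer

def demo():
    """Constructed scenario: 1000 messages from one unlisted relay."""
    listed = {"1.2.0.192.dnsbl.example": "127.0.0.2"}   # constructed data
    def fake_resolver(name):
        if name in listed:
            return listed[name]
        raise NXDomain(name)
    cache = DnsblCache(fake_resolver)
    for _ in range(1000):
        cache.lookup("198.51.100.7", "dnsbl.example")
    return cache.upstream_queries     # one query instead of a thousand

if __name__ == "__main__":
    print("upstream queries:", demo())
```
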
