Matthias Leisi wrote:
For certain kinds of spam, it would be advantageous to have a highly dynamic set of rules (eg stock spams). The usual methods (à la sa-update) are usually slow - slow as in "once or twice a day"; however I think it would make sense to have them fast - fast as in "continuously updated".
What's stopping you from running sa-update more frequently? I run it once an hour on most of my systems.
As such, DNS could be used as a transport mechanism with reasonably chosen TTLs. As most rules are not that huge, they would usually fit into a single TXT record. Updating these rules through DNS would allow efficient "flood fill" distribution combined with DNS' cacheing characteristics.
It'd also be an efficient way to tamper with rulesets. Off the top of my head I can't think of too many less secure ways to distribute rulesets.
Daryl
