Warren Togami wrote:
> You are misunderstanding the question.  A single DNS query could
> respond different numbers meaning they are hits on different lists. 
> Your lists that are subsets or supersets of other lists can easily use
> this.  The querying software need only to know what each result means.

Not saying that this is a bad idea, but it does have its limitations.
For example, some lists are into the hundreds of megabytes large, and
getting the whole file rsynced and updated can take more than several
minutes. Often, such lists update only once or twice per hour, if even
that often.

In contrast, some lists are smaller and faster reacting and update every
few minutes.

Trying to merge all such lists into a single list every several minutes
is no trivial task in terms of having enough CPU cycles and RAM to get
that done correctly and within a reasonably short time.

Likewise, doing the merge hourly loses the benefit of some of the
smaller-footprint faster-reacting lists which can react to emerging spam
threats faster.

Not saying such a consolidation can't be done... and maybe a few
tradeoffs here are worthwhile? But if these issues are not dealt with
smartly and competently, then one could easily find themselves with that
all-in-one comprehensive DNSBL not being as effective as querying
them separately.

Also, this loses the ability to *score* on multiple lists... unless you
use a bitmasked scoring system whereby one list gets assigned ".2",
another ".4", another ".8", on to ".128". But that leaves a maximum of
only 7 lists. Sure, you can add more than 7 by employing other octets in
the "answer IP", but that only severely complicates matters.

And as it stands, you'd also have the complexity of getting the spam
filter to parse, understand, and react properly to those bitmasks.

-- 
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
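
The bitmask scheme described in the message above, sketched as an added example that is not part of the original post: it decodes the last octet of a combined DNSBL answer into per-list hits and sums a score per list. The list names, the scores and the choice to ignore answers outside 127.0.0.x are assumptions made for illustration.

```python
import ipaddress

# Hypothetical list names and scores (constructed for this example),
# one per bit from ".2" up to ".128", which gives the 7-list maximum.
BIT_TO_LIST = {
    2: ("list-a", 1.0),
    4: ("list-b", 2.0),
    8: ("list-c", 0.5),
    16: ("list-d", 1.5),
    32: ("list-e", 3.0),
    64: ("list-f", 1.0),
    128: ("list-g", 2.0),
}


def decode_hits(answer):
    """Return the set of list names encoded in one A-record answer."""
    try:
        octets = ipaddress.IPv4Address(answer).packed
    except ValueError:
        return set()  # not an IPv4 address: treat as no hit
    # Assumption: only 127.0.0.x answers carry list bits. Anything else
    # (wildcarded zone, error code, hijacked domain) must not score.
    if octets[:3] != bytes([127, 0, 0]):
        return set()
    last = octets[3]
    return {name for bit, (name, _) in BIT_TO_LIST.items() if last & bit}


def score_answers(answers):
    """OR together the hits from every A record and sum each list's score once."""
    hits = set()
    for answer in answers:
        hits |= decode_hits(answer)
    scores = {name: value for name, value in BIT_TO_LIST.values()}
    return sum(scores[name] for name in hits), sorted(hits)


if __name__ == "__main__":
    # Constructed sample answers: .6 = .2 + .4, so two lists hit at once.
    for sample in (["127.0.0.6"], ["127.0.0.2", "127.0.0.130"], ["192.0.2.1"]):
        print(sample, score_answers(sample))
```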

