On Thu, 30 Dec 2010 14:18:13 -0500 Rob McEwen <r...@invaluement.com> wrote:
> On 12/30/2010 2:09 PM, David F. Skoll wrote:
> > But I think it's really stretching DNS way beyond what it was designed
> > for and it might be time to look at a different approach.

> But David, every example you've provided requires vastly more
> resources than blocking a spam with a single DNS lookup to rbldnsd.

That's true... for IPv4. For IPv6, when a spammer can easily command 2^64 separate addresses or more, then even very clever techniques require on the order of 5 lookups. And (at least in John's proposal) there's a serious tension between update frequency and ensuring that the B-tree structure is consistent.

If you have a local database on-disk, you can do a lookup extremely quickly. By definition, a local database has to be at least as fast as a DNS lookup because when you make a DNS query, the DNS server has to do a lookup in *its* local database.

Now obviously, there's a breakpoint at which synchronizing the local database from the master becomes cheaper than doing lookups. Right now, that's quite high, but it will move lower with IPv6.

> Heck, even a dozen separate DNSBL lookups against a local rbldnsd
> server is orders of magnitude faster and less resource intensive than
> accepting the entire message, and running that message against ClamAv
> (one of your examples).

I gave ClamAV as an example of efficient distribution of a large and frequently-updated database. I in no way implied that we should abandon IP address lookups in favour of only content-scanning.

Regards,

David.
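As an added illustration of the trade-off discussed above (constructed for this page, not code from the thread, from rbldnsd or from "John's proposal"): asking a DNSBL zone about an IPv6 address at several prefix lengths costs one DNS query per prefix length, whereas a locally synchronized copy of the same prefixes answers with a single in-process longest-prefix match. The zone name, prefix lengths and listed prefixes are made-up sample values.

```python
import ipaddress
from typing import Iterable, Optional


def dnsbl_query_names(addr: str, zone: str, prefix_lengths: Iterable[int]) -> list[str]:
    """Return the nibble-reversed query names needed to ask `zone` whether
    `addr` falls in a listed prefix of each given length.  Each name is one
    DNS round trip, so len(result) is the number of lookups this scheme costs."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")  # 32 hex digits
    names = []
    for plen in prefix_lengths:
        if plen % 4:
            raise ValueError("prefix length must be a multiple of 4 for nibble labels")
        kept = nibbles[: plen // 4]                      # leading nibbles of the prefix
        names.append(".".join(reversed(kept)) + f".{zone}")
    return names


class LocalPrefixList:
    """Locally synchronized copy of the list: longest-prefix match with one
    hash probe per distinct prefix length, no network traffic per lookup."""

    def __init__(self, prefixes: Iterable[str]) -> None:
        self._by_len: dict[int, set[int]] = {}           # prefixlen -> network ints
        for p in prefixes:
            net = ipaddress.IPv6Network(p)
            self._by_len.setdefault(net.prefixlen, set()).add(int(net.network_address))
        self._lens = sorted(self._by_len, reverse=True)  # longest prefix first

    def lookup(self, addr: str) -> Optional[str]:
        """Return the most specific listed prefix containing `addr`, or None."""
        ip = int(ipaddress.IPv6Address(addr))
        for plen in self._lens:
            mask = ((1 << plen) - 1) << (128 - plen)
            if (ip & mask) in self._by_len[plen]:
                return str(ipaddress.IPv6Network((ip & mask, plen)))
        return None


if __name__ == "__main__":
    # Constructed sample data: a listed /48 with a more specific /64 inside it.
    local = LocalPrefixList(["2001:db8:1::/48", "2001:db8:1:2::/64"])
    sender = "2001:db8:1:2::abcd"
    queries = dnsbl_query_names(sender, "v6.example.invalid", [64, 56, 48, 32])
    print(f"DNS scheme: {len(queries)} lookups ->", *queries, sep="\n  ")
    print("Local scheme: 1 lookup ->", local.lookup(sender))
```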