Re: URIBL_BLOCKED while using local BIND

Wed, 16 Sep 2015 02:15:54 -0700 

Hi Dave,
you are right: That is a measurement of "how fast is my ISP's cache?". But literally, that's all I want: I do not want "better" DNS results than I got from my ISPs DNS servers so far. I'd like to keep up the benefit of using a large DNS cache, without blocking these resources on my host. My ISPs DNS servers are dedicated to resolve and cache the results. Why shouldn't I make use of these cached data, but build up an own pool of cached data for a second time, blocking resources on my machine, which can make good use of these resources for another workload? Also, this caches are preserved when my machines are restarted. And WHY these results are faster provided is technically an unfair comparison, yes, but summed up to what's important for my case it isn't. 


All I want is to make queries to the DNSBL services on my own and not 
using my ISPs servers, since these have drained their free contingent 
all the time.



That's why I have tried to configure bind as suggested at 
http://wiki.apache.org/spamassassin/CachingNameserver#Non-forwarding , 
but this seems not to work.


Best regards,
Marc

Am 15.09.2015 um 16:41 schrieb Dave Funk:

However you did not empty your ISP's dns server cache.
That 2 msec response time is from his cache, the 543 msec for your
server is when it's not in your server's cache.
So you're not making a fair comparison.

A response from a cache is always going to be faster, that's why people
use caching servers.
However with everybody & his cat using your ISP's server it gets query
blocked and thus is caching the bad (blocked) response.

So either you get bad data fast or good data slowly.

Once you get a second spam with similar contents, queries for that copy
will be in your cache and be fast.

Given that a modern SA parallelizes DNS queries a somewhat slow DNS
response (hundreds of Msecs) won't have too much overall affect on the
spam processing time.

On Tue, 15 Sep 2015, Marc Richter wrote:


Yes

Am 15.09.2015 um 13:30 schrieb Axb:

On 09/15/2015 01:23 PM, Marc Richter wrote:

Also, you shouldn't make assumptions without measuring something:

1. without forwarding:

;; Query time: 543 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)

2. with forwarding to my ISP's servers:

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)

That's 271 times faster than root-servers's lookup.


did you EMPTY cache after each query?






























					Reply via email to