A bit less than a week has gone by after changing all „aclactions“ ot „refuse“. An update:
> Some statistics on overall usage (all numnbers rounded to avoid the > impression of overly exact numbers): > > * 332’000 sources querying list.dnswl.org <http://list.dnswl.org/> zone in > the past 30 days > * of those, 13’100 sources have been doing more than 30 * 100’000 queries > (ie, "consistent overusers“, and not just those who have a spike once in a > while) > * 273 * 10^9 queries over the past 30 days overall > * Of these, ca 75% of the queries (200 * 10^9) have been issued by the 13’100 > „consistent overusers“ * 353’000 sources querying the zone in the past 30 days, of which there are 15’000 consistent overusers * 287 * 10^9 queries over the past days, ie an increase of ca 5% (this is for the previous 30 days in both cases, and not just the previous week) * 224 * 10^9 by the „consistent overusers“, ca 78% (three percentage points increase) I’d say that these changes can also be attributed to regular fluctuation. Let’s see in another week whether it’s only noise in the data or indicating a trend. Rough distribution: mag count 500 18 250 76 100 161 50 494 25 1011 10 3133 5 4513 3 5621 1 337992 * mag = number of queries over the past 30 days, in millions (10^6) * count = number of sources seen (which will equal to fewer actual „responsibles“ due to numerous IPs being used by eg Google & Co) * regular limit of 30 * 100’000 would be 3 * 10^6 > We have ca 1’900 IP (ranges) with some form of block (we call this the > „mirror ACL“): > > aclaction count > refuse 5 > returnhi 430 > parentblock 1417 * 2’400 acl entries with aclaction „refuse“ (…_BLOCKED) * of which ca 1’100 have been active in the past 30 days. * most entries with magnitude (see table above) of > 50 have „refuse“ * we make exceptions eg for opensource projects and similar organisations if/when we can spot them (meaningful PTR records are helpful :) ). They could also get a free subscription to avoid accidential _BLOCKED results. — Matthias
