> but for the reference, in my environment, typical lookup times > (the names not on the cache DNS(djb's dnscache)) > for the clients that has reverse name: > 300 ~ 1000 ms. > clients with mis-configured DNS(SERVFAIL or worst): > 1000 ms. ~ resolve timeout. > > DNSBL checkings are typicaly shorter, > 50 ~ 300 ms. b.barracudacentral.com > 280 ~ 1100 ms. zen.spamhaus.org
I have measured these to learn actual status of real environment using tiny perl scripts. I picked up IPs from maillog of several days ago, avoiding disturbance of DNS cache effects. Number of sample IP was 1000. DNS query timeout was 3 sec. I have choosed zen.spamhaus.org and b.barracudacentral.org as DNSBL sites this time. Charts: https://sites.google.com/site/tomoyukipostfix/ chart g_1 shows distribution of reverse-name query time of eache samples. g_2 shows distribution of DNSBL query time. from these charts, all DNSBL queries are completed within 1.4 sec. while reverse-dns queries of 95% are completed. I thought the certainty of getting reverse names could be that level if the queries had given up at certain time limit.
pgpZDCov4cLv3.pgp
Description: PGP signature
