>>No, my explanation doesn't show a major misunderstanding -- you simply
>>misunderstood what I was saying.
>>
>It does show a complete lack of experience in any kind of implementation

How so?

>>I'm describing how the entire *system* works, including DNS caches
>>(which are typically on a different system, connected via LAN) and
>>upstream DNS caches and servers (on different networks, connected via
>>WAN).
>>
>Right, but if you have a server in production & a customer base you will
>not be using a 286/386. You aren't going to kill your pci bus with DNS.

I never said *anything* about a PCI bus. I never even *hinted* that the
CPU or host doing the lookups would be highly penalized,
performance-wise, because it employs SPF, during a targeted attack.

In fact, you are replying to my previous email in which I gave IMO a
lucid analogy, and here you talk as if you have no idea what is the
difference between a CPU, an L1 cache, an L2 cache, RAM, and so on.

>I am scared to ask how do you feel about running anti virus? Now that
>is a system work load. I am running f-prot on every email that gets
>past the spam stuff.

Nice. But in the context of my SPF concerns, I'm not really worried
what kinds of *localized* processing people do to combat spam,
forgeries, etc., because that processing doesn't burden the rest of the
Internet.

The problem with SPF is that it adds *significant* stress to a *shared*
resource: specifically, the DNS data base and the upstream caches and
servers upon which we all depend.

You can hand-wave the importance of that added stress all you want, but
a *real* engineer would run the numbers and determine whether it would
all work before proposing it be widely adopted.

To my knowledge, no real engineering has been done to ensure that SPF,
once widely deployed, won't make DNS nearly useless for *all* of us,
regardless of whether we use it.

In short, DNS is a commons. SPF represents a potential abuse of that
commons, so its effects should be carefully studied *before* deployment,
to see if the positive effects of using SPF justify the expenses.

>Compared to anti-virus why would I care about DNS Lookup.

Exactly. You don't care about DNS lookup, because you don't care about
what effects doing lots of additional lookups will have on upstream
caches and servers and, therefore, the *other* people who are using them
for *real* work.

>So this just MUST STOP.

WTF are you talking about?

>If you don't believe in SPF then good for you.

Sheesh. With that attitude, why are you discussing it at all? Just use
it yourself and STFU.

*I* certainly have plenty of system resources to use SPF. But that was
never my point in the first place, was it?

I was talking about the *long-term* effects of SPF, whether it'd be
scalable over the Internet, as it was widely deployed. I believe I made
that clear from the get-go.

What distinguishes *my* point of view from *yours* is that I actually
care about the effects new technologies will have on others, and on me
even when I don't wish to deploy them.

-- 
James Craig Burley
Software Craftsperson
<http://www.jcb-sc.com>