On Tue, 4 Jan 2011, David F. Skoll wrote:
> If the problem is blowing DNS caches, then one solution is to query only
> authoritative name servers.
>
> After all, the total volume of DNS[BW]L queries from mail servers even
> without caching is probably very much less than the total volume of
> queries that go to the root name servers and they seem to cope.

You can't compare them. The nature of the queries is vastly different -
the root nameservers only get queries like "where are the authoritative
DNS servers for impsec.org?"

Only querying the authoritative RBL server discards the distributed
caching feature of DNS, which is a primary benefit of using DNS. It will
greatly increase the load on those authoritative servers, likely leading
those who provide them to alter their free query policies in order to
recover their suddenly-increased costs of operation.

DNS needs to deal with an exponentially-increased address space regardless
of how RBLs behave. Perhaps DNS caching needs to be partitioned so that a
huge number of queries on *.spamhaus.org don't blow everything else out of
the cache.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Vista: because the audio experience is *far* more important than
network throughput.
-----------------------------------------------------------------------
13 days until Benjamin Franklin's 305th Birthday
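
The cache partitioning idea raised in the message above, as an added simulation that is not part of the original post: it compares how often ordinary names hit a resolver cache when blocklist lookups share it versus when they are confined to their own partition. The LRU policy, cache sizes, traffic mix, host names and suffix-based routing are all assumptions constructed for illustration.

```python
from collections import OrderedDict
import random

class LRU:
    """Fixed-size cache with least-recently-used eviction (an assumed policy)."""
    def __init__(self, capacity):
        self.capacity, self.data = capacity, OrderedDict()

    def lookup(self, key):
        """Return True on a hit; on a miss, insert key and evict the oldest."""
        if key in self.data:
            self.data.move_to_end(key)
            return True
        self.data[key] = True
        if len(self.data) > self.capacity:
            self.data.popitem(last=False)
        return False

def is_dnsbl(name):
    # Assumption: blocklist lookups are recognised by their zone suffix.
    return name.endswith(".spamhaus.org")

def ordinary_hit_rate(partitioned, seed=1, rounds=20000, capacity=1000, dnsbl_slots=200):
    """Hit rate seen by ordinary names while DNSBL lookups flood the resolver."""
    rng = random.Random(seed)
    if partitioned:
        general, dnsbl = LRU(capacity - dnsbl_slots), LRU(dnsbl_slots)
    else:
        general = dnsbl = LRU(capacity)  # one shared cache
    popular = [f"host{i}.example.com" for i in range(500)]  # constructed names
    hits = 0
    for _ in range(rounds):
        hits += general.lookup(rng.choice(popular))
        # Ten blocklist lookups per ordinary lookup, almost all unique
        # (constructed mix standing in for a mail server checking client IPs).
        for _ in range(10):
            ip = ".".join(str(rng.randrange(256)) for _ in range(4))
            query = f"{ip}.zen.spamhaus.org"
            (dnsbl if is_dnsbl(query) else general).lookup(query)
    return hits / rounds

if __name__ == "__main__":
    print(f"shared cache:      {ordinary_hit_rate(False):.2f}")
    print(f"partitioned cache: {ordinary_hit_rate(True):.2f}")
```

With the shared cache the one-off blocklist entries evict the ordinary working set before it is reused; with the partition, the blocklist traffic only evicts other blocklist entries.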