On Tue, 2011-10-18 at 23:52 +0100, Martin Gregorie wrote:
> On Tue, 2011-10-18 at 19:22 +0200, Karsten Bräckelmann wrote:
> > [...] there is one DNS lookup per URI and
> > DNSBL -- e.g. SURBL (multiple lists) or URIBL (multiple listings).
>
> OK, so the answer is not straight forward: thanks for confirming it.
>
> OTOH, a fairly regular occurrence on this list is thread from people who
> get problems from hitting usage limits set by various BL lookups. So, I
>From memory, these are typically "no hits" issues by private or SOHO
users, who aren't anywhere close to the free usage limits -- but using
the DNS by their (large) ISP, instead of running their own caching
nameserver. The ISPs DNS is blocked, or in one recent occurrence the
Google DNS.
I cannot remember any large system being mentioned here, whose admins
did not know they exceed the free usage limit. (The DNSBLs do tell the
admins, the limits aren't strictly enforced AFAIK, and most importantly
only the most aggressive abusers will ever get anything worse than no
responses.)
> wonder if it would be useful for SA to log the number of BL lookups it
> does: as it need only involve of writing a log message every hour or day
> giving the accumulated count for the period, its performance hit should
> be tiny and, of course, it should have an enable/disable configuration
> parameter. Output would be a single log message containing a total for
> all BL lookups or (deluxe version) a total for each configured BL.
Wouldn't grepping the DNS logs already tell the admin about it?
Keep in mind, the actual number of queries isn't relevant unless you're
at least in the general ball-park of 100,000 messages a day.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
