Posted to users@spamassassin.apache.org by Andrzej Adam Filip <an...@gmail.com> on 2011/07/06 08:15:47 UTC

Re: DUL/DUL+ redesign to improve DNS cache hit ratio [SA v. MTA]

"David F. Skoll" <df...@roaringpenguin.com> wrote:
> On Tue, 05 Jul 2011 23:26:16 +0200
> Andrzej Adam Filip <an...@gmail.com> wrote:
>
>> Would you recommend redesigning (mainly) DUL/DUL+ DNSBL lists to
>> improve DNS cache hit ratio?
>
> No, not really.  The poor cache hit ratio doesn't seem to be a problem
> in practice (most people were surprised by the results).  If you have
> a high-enough lookup volume that it does become a problem, you just arrange
> to obtain (or buy) the data and run a local authoritative name server.

You are most likely right in case of SA asking all configured DNSBL to
generate spam score - improvement of some/minority DNS cache hit ratio
would not be impressive in improving overall preference.
  *BUT*
It may improve performance e.g. in case of hundreds of mail servers in a
data/co-location center using shared forwarder and rejecting on first
DNSBL hit. Somehow I doubt buying data for such "reseller" configuration
is legally encouraged by paid DNSBL operators.

-- 
[pl>en: Andrew] Andrzej Adam Filip : anfi@onet.eu
Welcome to Lake Wobegon, where all the men are strong, the women are pretty,
and the children are above-average.
  -- Garrison Keillor

Re: DUL/DUL+ redesign to improve DNS cache hit ratio [SA v. MTA]

Posted by Andrzej Adam Filip <an...@gmail.com>.
"David F. Skoll" <df...@roaringpenguin.com> wrote:
> On Wed, 06 Jul 2011 08:15:47 +0200
> Andrzej Adam Filip <an...@gmail.com> wrote:
>
>> It may improve performance e.g. in case of hundreds of mail servers in
>> a data/co-location center using shared forwarder and rejecting on
>> first DNSBL hit. Somehow I doubt buying data for such "reseller"
>> configuration is legally encouraged by paid DNSBL operators.
>
> This is true.  But it's also not in paid DNSBL operators' interest to
> improve the hit ratio.  If the cache hit ratio is improved too much,
> the DNSBL operators would be unable to detect heavy users and ask
> (threaten) them for money. :)  In the limiting case, if the cache
> becomes *too* effective, the organization hosting the cache *is*
> effectively providing the whole data set to its users.

To put it short:
a) Only DNSBL listing "net ranges" (e.g. DUL/DUL+, network "reputation")
   can be quite easily redesigned to improve DNS hit ratio (IMHO)
b) Free of charge DNSBL would benefit the most
c) In case of DUL list quality is not (IMHO) defined by big */16 entries
   (e.g. home ADSL ranges) that will generate most DNS cache hits

-- 
[pl>en: Andrew] Andrzej Adam Filip : anfi@onet.eu
I do not believe that this generation of Americans is willing to resign
itself to going to bed each night by the light of a Communist moon...
  -- Lyndon B. Johnson

Re: DUL/DUL+ redesign to improve DNS cache hit ratio [SA v. MTA]

Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Wed, 06 Jul 2011 08:15:47 +0200
Andrzej Adam Filip <an...@gmail.com> wrote:

> It may improve performance e.g. in case of hundreds of mail servers in
> a data/co-location center using shared forwarder and rejecting on
> first DNSBL hit. Somehow I doubt buying data for such "reseller"
> configuration is legally encouraged by paid DNSBL operators.

This is true.  But it's also not in paid DNSBL operators' interest to
improve the hit ratio.  If the cache hit ratio is improved too much,
the DNSBL operators would be unable to detect heavy users and ask
(threaten) them for money. :)  In the limiting case, if the cache
becomes *too* effective, the organization hosting the cache *is*
effectively providing the whole data set to its users.

Regards,

David.