[Mimedefang] SURBL effectiveness and domain turnaround time

Jeff Rife mimedefang at nabs.net
Thu Sep 9 02:13:16 EDT 2004


On 8 Sep 2004 at 23:27, David F. Skoll wrote:

> sc.surbl.org seems to have a 15-minute TTL.  And the negative-response
> caching TTL is under your control.

I guess that was my point.  A short TTL does little for IPs/URLs that 
are in the BL.  It just makes sure that a removed entry gets propagated 
quickly...not usually an issue.  On the other hand, it would be logical 
for the "client" to put negative responses at no less than 1 hour 
before you query again, at least for "general" queries.  I'll have to 
see if I can set up my cache so that negative responses from specific 
domains/servers have a different TTL than "general" ones.

> DNS lookups are pretty cheap -- one UDP packet out and one UDP packet back
> in.

A couple of delays in response can just kill throughput on sendmail, 
though.

> sc.surbl.org has 13 name servers, just like the root name servers of
> the Internet.  You can imagine that if 13 name servers can handle all
> the root name server traffic, it's not so bad to have a low TTL. :-)

Since the root domains don't change much, they have a larger TTL, I 
suspect.  A quick check shows that it is a little more than 6 hours.  
Also, they really just pass off TTLs from the subdomains (i.e., 
whatever is in the SOA for roaringpenguin.com gets propagated to the 
.com root servers).

Unfortunately, though, some brain-dead implementations (*cough* 
Microsoft *cough*) "lock on" to one DNS server, so having more than one 
is useless.  Once a MS client asks what machine is authoritative for 
surbl.org, gets the "here's the list" answer, and picks one, it uses 
that one until the TTL expires, even if it can't contact it anymore.  
Unless surbl.org uses a load-sharing system that isn't evident to the 
client, MS clients wouldn't take advantage of multiple servers.


--
Jeff Rife        | "This?  This is ice.  This is what happens to 
SPAM bait:       |  water when it gets too cold.  This?  This is 
AskDOJ at usdoj.gov |  Kent.  This is what happens to people when 
spam at ftc.gov     |  they get too sexually frustrated." 
                 |         -- Chris Knight, "Real Genius" 
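
An added example, not part of the original message or of MIMEDefang: a sketch of a lookup cache that keeps blocklist hits at the server's TTL but holds "not listed" answers for at least a floor, with a different floor per zone. The class name, the `resolve` callable, the `.example` names, and the floor values (3600 s general, 900 s for sc.surbl.org) are assumptions for illustration.

```python
import time

class NegativeFloorCache:
    """Blocklist answer cache with a per-zone minimum lifetime for negative answers."""

    def __init__(self, resolve, default_floor=3600, zone_floors=None, clock=time.monotonic):
        self.resolve = resolve                 # hypothetical callable: name -> (listed, ttl_seconds)
        self.default_floor = default_floor     # floor for "general" negative answers
        self.zone_floors = zone_floors or {}   # zone -> floor for negatives from that zone
        self.clock = clock
        self.entries = {}                      # name -> (listed, expires_at)
        self.upstream_queries = 0

    def floor_for(self, name):
        # Longest matching zone suffix wins; otherwise the general floor applies.
        labels = name.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            zone = ".".join(labels[i:])
            if zone in self.zone_floors:
                return self.zone_floors[zone]
        return self.default_floor

    def lookup(self, name):
        now = self.clock()
        hit = self.entries.get(name)
        if hit and hit[1] > now:
            return hit[0]                      # answered from cache, no packet sent
        listed, ttl = self.resolve(name)
        self.upstream_queries += 1
        if not listed:
            ttl = max(ttl, self.floor_for(name))   # only negative answers are stretched
        self.entries[name] = (listed, now + ttl)
        return listed

def demo():
    # Constructed data: one listed name, every answer carries a 15-minute TTL.
    listed = {"spamvertised.example.sc.surbl.org"}
    now = [0.0]
    cache = NegativeFloorCache(lambda n: (n in listed, 900),
                               zone_floors={"sc.surbl.org": 900},
                               clock=lambda: now[0])
    for t in (0, 1000, 2000, 3000):            # the same two clean names, four times
        now[0] = t
        cache.lookup("clean.example.sc.surbl.org")     # re-queried every time
        cache.lookup("clean.example.otherbl.example")  # held for the 1-hour floor
    return cache.upstream_queries              # 4 + 1 = 5
```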



