[Mimedefang] RBL and DNS lookups

John Scully jscully at isupportisp.com
Fri May 11 11:09:19 EDT 2007


We run rbldnsd on one older server (although it could run on the mail
server if resources are available).  We use rsync to download quite a few
RBL lists.  RBLDNSD is designed for very high performance, low memory
footprint specifically for using DNS for RBLs.  At about 1,000,000 messages
per day we are unable to measure ANY additional processor load on that
server from rbldnsd.

Our caching dns server is then configured to go to our rbldnsd for just
those zones.  The advantage, if properly configured, is that if your rbldnsd
server is down it will hit the network zone...just slower.  Between the high
performance of rbldnsd and the high cache hit ratio on the dns server,
response time is only a few milliseconds on all these lists. If you do not
run local mirrors and have low volume (meaning that you get little benefit
from the DNS cache), then it can climb to several seconds.

Here is a fragment from our named.conf (munged):

zone "multi.surbl.org" IN {
        type forward;
        forward first;
        forwarders {
                xxx.xxx.xxx.xxx; # (IP address of our RBL server)
        };
};

zone "sip.invaluement.com" IN {
        type forward;
        forward first;
        forwarders {
                xxx.xxx.xxx.xxx; # (IP address of our RBL server)
        };
};

zone "uri.invaluement.com" IN {
        type forward;
        forward first;
        forwarders {
                xxx.xxx.xxx.xxx; # (IP address of our RBL server)
        };
};

zone "sbl-xbl.dnsbl" IN {
        type forward;
        forward first;
        forwarders {
                xxx.xxx.xxx.xxx; # (IP address of our RBL server)
        };
};

zone "sbl.dnsbl" IN {
        type forward;
        forward first;
        forwarders {
                xxx.xxx.xxx.xxx; # (IP address of our RBL server)
        };
};

zone "xbl.dnsbl" IN {
        type forward;
        forward first;
        forwarders {
                xxx.xxx.xxx.xxx; # (IP address of our RBL server)
        };
};

----- Original Message ----- 
From: "Daniel Aquino" <mr.danielaquino at gmail.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Thursday, May 10, 2007 12:52 PM
Subject: Re: [Mimedefang] RBL and DNS lookups


>
> > Has this actually happened to you or someone you know, or are you
> > just worried that it might happen?
>
> We previously had an SGI server that its main issue was waiting around
> for rbl responses.
>
>
> > > Would I need a special dns daemon hanging around for doing just this
> > > task ?
> >
> > That depends entirely on your system load and how your existing
> > DNS system and network handles it.
>
> Well the dns cache I will install locally will only be used by this
> mail filter itself...
> My point was should I run a local cache for regular dns lookups,
> and another for rbl lookups ?
> Or are there no such limitations that would force me to do that?
>
> > >> in some cases, I run local mirrors of the entire RBL.
>
> How much space do you need for a full dns mirror ?
>
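
The fallback described in the message above depends on every forwarded zone using "forward first" and listing at least one forwarder. The following check is an added example, not part of the original post: it lints a named.conf fragment for both conditions. The function names, the sample text and the address 192.0.2.53 are assumptions made for illustration.

```python
import re

# Constructed sample in the style of the fragment above. 192.0.2.53 is a
# documentation address standing in for the local rbldnsd server.
SAMPLE = '''
zone "multi.surbl.org" IN {
        type forward;
        forward first;
        forwarders { 192.0.2.53; };  # local rbldnsd
};
zone "sbl.dnsbl" IN {
        type forward;
        forward only;
        forwarders { 192.0.2.53; };
};
zone "uri.invaluement.com" IN {
        type forward;
        forward first;
        forwarders { };
};
'''

def zone_blocks(conf):
    """Yield (zone_name, body) for each zone statement, tracking brace depth."""
    conf = re.sub(r'(#|//)[^\n]*', '', conf)  # drop line comments
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def lint_forward_zones(conf):
    """Map each forward zone to the problems that break the described setup."""
    findings = {}
    for name, body in zone_blocks(conf):
        if not re.search(r'\btype\s+forward\s*;', body):
            continue
        problems = []
        if re.search(r'\bforward\s+only\s*;', body):
            problems.append('forward only: no fallback when the mirror is down')
        fw = re.search(r'\bforwarders\s*\{([^}]*)\}', body)
        if not fw or not fw.group(1).replace(';', '').strip():
            problems.append('no forwarders: queries never reach the mirror')
        findings[name] = problems
    return findings

if __name__ == '__main__':
    for zone, problems in lint_forward_zones(SAMPLE).items():
        print(zone, '->', problems or 'ok')
```

In BIND, a forward zone with a missing or empty forwarders list does no forwarding at all for that domain, which is why the lint treats both cases the same way.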



