RE: [SURBL-Discuss] Combined SURBL A record format (Was: Re: BillStearns' sa-blacklistavailable as SURBL: ws.surbl.org)
Hi Scott, Multiple A records can result from a single query:
% nslookup www.yahoo.com
Name: www.yahoo.akadns.net Addresses: 216.109.117.207, 216.109.118.75,
216.109.118.66, 216.109.118.77
216.109.118.73, 216.109.117.205, 216.109.117.204,216.109.118.70
Aliases: www.yahoo.com
And they should all come from the locally cached copy of the zone file, so they're fast.
A single bit masked A record would be smaller but require a little more application CPU to decode. Multiple A records may be faster but they're bulkier. I find the multiple A records more readable. It's one of those classic tradeoffs.
Jeff C.
So desu ka.
I would have thought that a bit masked record was faster, as you already have all the data you need with the first call. From then on bitwise CPU operations would be umpteen times faster than performing slower DNS callouts, even if they are cached. I am assuming, however, that perhaps the Spamassassin code 'caches' the first A record lookup for bitwise operations...I am not too familiar with the eval-rbl workings. It may be that it performs subsequent DNS lookups in either case? The only way to speed that up would be to load the first lookup into a variable for use in later bitwise calculations...
Anyway keep up the good work all,
cheers Scott
On Wednesday, April 21, 2004, 2:01:16 AM, Scott Truman wrote:
I would have thought that a bit masked record was faster, as you already have all the data you need with the first call. From then on bitwise CPU operations would be umpteen times faster than performing slower DNS callouts, even if they are cached. I am assuming, however, that perhaps the Spamassassin code 'caches' the first A record lookup for bitwise operations...I am not too familiar with the eval-rbl workings. It may be that it performs subsequent DNS lookups in either case? The only way to speed that up would be to load the first lookup into a variable for use in later bitwise calculations...
Yes, you're right bitwise operations should be really fast.
I suppose the only downside is readability, but Sidney makes some interesting arguments against that.
Jeff C.
On Wednesday, April 21, 2004, 2:01:16 AM, Scott Truman wrote:
I would have thought that a bit masked record was faster, as you already have all the data you need with the first call. From then on bitwise CPU operations would be umpteen times faster than performing slower DNS callouts, even if they are cached. I am assuming, however, that perhaps the Spamassassin code 'caches' the first A record lookup for bitwise operations...I am not too familiar with the eval-rbl workings. It may be that it performs subsequent DNS lookups in either case? The only way to speed that up would be to load the first lookup into a variable for use in later bitwise calculations...
Yes, you're right bitwise operations should be really fast.
I suppose the only downside is readability, but Sidney makes some interesting arguments against that.
Does the bitwise approach only allow use of the last octet of the ip address ? If so, that would limit you to a maximum of 8 merged "sources" of matches that could be distinguised. Probably not a problem in practice, but still a theoretical downside.
On the other hand, assuming that more than the last 8 bits could be used, a reasonably large number of sources would be a lot more compact with the bitwise approach, although it would place a definite limit on the maximum number...
Regards, Simon
On Wednesday, April 21, 2004, 3:13:44 AM, Simon Byrnand wrote:
Does the bitwise approach only allow use of the last octet of the ip address ? If so, that would limit you to a maximum of 8 merged "sources" of matches that could be distinguised. Probably not a problem in practice, but still a theoretical downside.
Other combined lists seem to used only 8 bits, i.e. 8 sources:
Using the DNSBL
In opm.blitzed.org, the A record has an IP address of 127.1.0.x where x is a bitmask of the types of proxy that have been reported to be running on the host. The values of the bitmask are as follows:
WinGate 1 SOCKS 2 HTTP CONNECT 4 Router 8 HTTP POST 16
In principle bits in the other octets could also be used, but in practice I don't see us having more than 8 sources. The question of how to do a combined list is still open however, so comments continue to be welcome.
Jeff C.
-
Jeff Chan -
Scott Truman -
Simon Byrnand