-----Original Message----- From: Steven Champeon [mailto:schampeo@hesketh.com] Sent: Tuesday, November 23, 2004 2:37 PM To: discuss@lists.surbl.org Subject: [SURBL-Discuss] comparison of my local blacklist w/ws
I've just grabbed Bill's list of domains and compared it to my local domains blacklist, with some interesting results. The following is a breakdown (expressed in line counts, each line representing a domain) of the similarities and differences.
27546 comparelists.intersection 155709 comparelists.notboth 117662 comparelists.onlyin.localbl 38046 comparelists.onlyin.sa-blacklist.current.domains 183256 comparelists.union
Quick interpretation: my local blacklist has 117662 domains not listed in SURBL.
Jeff owes me a cookie! I've had lots of these submitted, but without decent checking, they go unlisted. Its a manpower issue. He wanted to reduce FPs, which increases time to get listed. Snowballs, and some domains gather dust. :(
I like oatmeal rasin, and Milanos!
---Chris
On Tuesday, November 23, 2004, 2:05:51 PM, Chris Santerre wrote:
From: Steven Champeon [mailto:schampeo@hesketh.com]
I've just grabbed Bill's list of domains and compared it to my local domains blacklist, with some interesting results. The following is a breakdown (expressed in line counts, each line representing a domain) of the similarities and differences.
27546 comparelists.intersection 155709 comparelists.notboth 117662 comparelists.onlyin.localbl 38046 comparelists.onlyin.sa-blacklist.current.domains 183256 comparelists.union
Quick interpretation: my local blacklist has 117662 domains not listed in SURBL.
Jeff owes me a cookie! I've had lots of these submitted, but without decent checking, they go unlisted. Its a manpower issue. He wanted to reduce FPs, which increases time to get listed. Snowballs, and some domains gather dust. :(
I like oatmeal rasin, and Milanos!
---Chris
Cookie for Chris, stat!
JO less and spam check more... LOL! Like that's going to happen. ;-)
Can you delegate some of these to the other SARE ninjas to help with?
Jeff C. -- "If it appears in hams, then don't list it."
hi all, new to the list :D
I have a question. Im running SA and using the SURBLs as part of it on a domain serving 100,000+ daily. Ive decided to take the local DNS cache of the SURBL files and had a look at the documentation for dnsrbld etc. Now I just had a word with one of the network guys who suggested that instead of me re-inventing the wheel by using our domain dns to point to a local rbldnsd machine hosting the SURBL files that i simply just put them onto the man DNS.
I presume there is nothing wrong with that, or would there be any strange consequences. Is there anything else i should know before I go ahead?
thanks all
ronan
On Wednesday, November 24, 2004, 1:18:47 AM, Ronan Ronan wrote:
hi all, new to the list :D
Welcome to the list and SURBLs!
I have a question. Im running SA and using the SURBLs as part of it on a domain serving 100,000+ daily. Ive decided to take the local DNS cache of the SURBL files and had a look at the documentation for dnsrbld etc. Now I just had a word with one of the network guys who suggested that instead of me re-inventing the wheel by using our domain dns to point to a local rbldnsd machine hosting the SURBL files that i simply just put them onto the man DNS.
I presume there is nothing wrong with that, or would there be any strange consequences. Is there anything else i should know before I go ahead?
It sounds like you're considering using the BIND versions of the zone files instead of rbldnsd. Is that right? If so, it's possible to do, but....
It's probably worth noting that the largest and most useful zone file (and probably the only one you actually need) multi.surbl.org is about 10 megabytes. It's possible to serve it up using BIND, but it will consume MUCH more memory and CPU in BIND than in rbldnsd. We very strongly recommend rbldnsd for serving up rbl zone files.
Here's top from a server serving up both BIND and rbldnsd versions of significantly the same files (though the rbldnsd is answering far more queries):
last pid: 58443; load averages: 0.08, 0.14, 0.16 up 13+18:57:46 02:07:58 28 processes: 2 running, 26 sleeping CPU states: 0.8% user, 0.0% nice, 0.4% system, 0.0% interrupt, 98.8% idle Mem: 261M Active, 152M Inact, 50M Wired, 27M Cache, 61M Buf, 12M Free Swap: 1499M Total, 160K Used, 1499M Free
PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND 77905 root 2 0 175M 174M select 371:10 0.00% 0.00% named 492 rbldns 2 0 14788K 14040K RUN 50:29 0.00% 0.00% rbldnsd
As you can see BIND is using more than ten times as much memory and much more CPU time than rbldnsd. Though the servers may have been restarted at different times, all were started enough days ago that the difference is very real. The difference in CPU time is actually larger than shown since BIND was started more recently.
Jeff C. -- "If it appears in hams, then don't list it."
-
Chris Santerre -
Jeff Chan -
Ronan