sm said:
If the DNS server is slow, it will cause problems. If you are going to use DNS based blacklists, you should have a reliable DNS server.
While I generally agree with this statement, I would add that reliability and speed are not always a "yes/no", or "good/bad" thing. There are some grey areas or varying degrees of responsiveness and speed and, definitely, using blacklists in the way that SURBL does puts a new level of burden or stress on DNS servers.
For example, if a DNS server is generally good, but does have a 12 millisecond response time (using an arbitrary number) due to being shared among dozens (or hundreds) of other servers, this 12 milliseconds gets multiplied out when a dozen SURBL lookups hit at practically the same instant. In this case, the message is dependent on ALL of these requests being answered before the message can continue. This can also cause the mail server to have to work more threads at any one given time... which can lead to additional scalability and performance issues.
Therefore, many DNS server situations which are more than adequate for regular situations may not be adequate for SURBL lookups.
Rob McEwen
On Tuesday, July 27, 2004, 1:07:50 PM, Rob McEwen wrote:
sm said:
If the DNS server is slow, it will cause problems. If you are going to use DNS based blacklists, you should have a reliable DNS server.
While I generally agree with this statement, I would add that reliability and speed are not always a "yes/no", or "good/bad" thing. There are some grey areas or varying degrees of responsiveness and speed and, definitely, using blacklists in the way that SURBL does puts a new level of burden or stress on DNS servers.
[...]
Therefore, many DNS server situations which are more than adequate for regular situations may not be adequate for SURBL lookups.
Rob McEwen
Hi Rob, It would be interesting if you could supply some measurements about the relative DNS loads caused by SURBLs and other RBLs.
If you're using SpamCopURI be sure to use a recent version (0.13 or later) since it has per query DNS result caching.
I agree a fast name server is desirable, which is why we recommend rbldnsd as fast, small and reliable. It may be posix/unix/linux/bsd only.
Jeff C.
Jeff:
To be sure, I never said that the surbl servers in particular are slow.
I was simply saying that because many more lookups are required per message when using SURBL (when compared to the traditional RBL model), much more reliability and speed is required of one's DNS server.
I suspect that all you pros out there participating in lists.surbl.org have such good Net/OS/Software/hardware setups that this was never a problem. ...but should someone come along and complain about SURBL lookups slowing them down and if they are using a Windows server, that software I mentioned will probably help.
Rob McEwen
On Tuesday, July 27, 2004, 4:39:39 PM, Rob McEwen wrote:
...but should someone come along and complain about SURBL lookups slowing them down and if they are using a Windows server, that software I mentioned will probably help.
Yes, local caching of DNS is a good idea and should improve performance. The DNS caching program you mentioned is called TreeWalk:
and it runs under Win32.
Jeff C.
Hi Rob, At 13:07 27-07-2004, Rob McEwen wrote:
While I generally agree with this statement, I would add that reliability and speed are not always a "yes/no", or "good/bad" thing. There are some grey areas or varying degrees of responsiveness and speed and, definitely, using blacklists in the way that SURBL does puts a new level of burden or stress on DNS servers.
I generally avoid generalized statements. I agree with you that it is not always a yes or no answer.
For example, if a DNS server is generally good, but does have a 12 millisecond response time (using an arbitrary number) due to being shared among dozens (or hundreds) of other servers, this 12 milliseconds gets multiplied out when a dozen SURBL lookups hit at practically the same instant. In this case, the message is dependent on ALL of these requests being answered before the message can continue. This can also cause the mail server to have to work more threads at any one given time... which can lead to additional scalability and performance issues.
If the DNS server has a response time of 12 milliseconds (an example of a fast response), the total lookup time is negligible. If your DNS server has a 5 second response time (I have seen that), you will run into performance issues.
Therefore, many DNS server situations which are more than adequate for regular situations may not be adequate for SURBL lookups.
Yes. That is why one should verify whether the lookups are working correctly before implementing a mail filter based on SURBL or any other RBL.
You can verify response time by running the tests at http://www.surbl.org/faq.html#testpoints
Regards, -sm
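
Added example, not part of the original thread and not code from SURBL or SpamCopURI: a small Python timer for the batch of blacklist lookups one message triggers, showing how long the message waits when the queries run one after another versus all at once, with duplicate domains queried only once. The zone name multi.surbl.org, the function names and the sample domains are assumptions made for illustration.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor

ZONE = "multi.surbl.org"  # assumption: combined SURBL zone; change to the list you query


def timed_lookup(name, resolve):
    """Return (name, listed, seconds) for one blacklist query."""
    start = time.perf_counter()
    try:
        resolve(name)
        listed = True           # any A record means the domain is listed
    except socket.gaierror:
        listed = False          # NXDOMAIN or resolver failure: treated as not listed
    return name, listed, time.perf_counter() - start


def measure_message(domains, resolve=socket.gethostbyname, parallel=True):
    """Time the lookups a single message would trigger.

    Duplicate domains are queried once (per-message result caching).
    Returns (results, wall_seconds); the message is held for wall_seconds.
    """
    names = [f"{d}.{ZONE}" for d in dict.fromkeys(domains)]  # dedupe, keep order
    start = time.perf_counter()
    if parallel:
        with ThreadPoolExecutor(max_workers=len(names) or 1) as pool:
            results = list(pool.map(lambda n: timed_lookup(n, resolve), names))
    else:
        results = [timed_lookup(n, resolve) for n in names]
    return results, time.perf_counter() - start


if __name__ == "__main__":
    # Constructed sample: domains as they might be pulled from one message body.
    sample = ["example.com", "example.org", "example.com", "example.net"]
    for mode in (False, True):
        results, wall = measure_message(sample, parallel=mode)
        slowest = max(t for _, _, t in results)
        print(f"parallel={mode}: {len(results)} queries, "
              f"slowest {slowest * 1000:.1f} ms, message waited {wall * 1000:.1f} ms")
```

Run it twice against the resolver the mail server uses: the first pass shows uncached latency, the second shows what a local caching resolver returns.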