[SURBL-Discuss] Death By DNS

Rob McEwen webmaster at turnaprofit.com
Tue Jul 27 16:07:50 CEST 2004


sm said:

> If the DNS server is slow, it will cause problems.  If you are going to use 
> DNS based blacklists, you should have a reliable DNS server.

While I generally agree with this statement, I would add
that that reliability and speed are not always a "yes/no", or 
"good/bad" thing. There are some grey areas or varying 
degrees of responsiveness and speed and, definitely, using
blacklists in the way that SURBL does puts a new level of 
burden or stress on DNS servers.

For example, if a DNS server is generally good, but does 
have a 12 millisecond response time (using an arbitrary number) 
due to being shared among dozens (or hundreds) of 
other servers, this 12 milliseconds gets multiplied out 
when a dozen SURBL lookups hit at practically the 
same instant. In this case, the message is dependent on
ALL of these requests being answered before the message
can continue. This can also cause the mail server to 
have to work more threads at any one given time...
which can lead to additional scalability and performance
issues.

Therefore, many DNS server situations which are more than 
adequate for regular situations may not be adequte for
SURBL lookups.

Rob McEwen



More information about the Discuss mailing list