[SURBL-Discuss] Death By DNS

SM sm at resistor.net
Tue Jul 27 21:23:08 CEST 2004


Hi Rob,
At 13:07 27-07-2004, Rob McEwen wrote:
>While I generally agree with this statement, I would add
>that reliability and speed are not always a "yes/no", or
>"good/bad" thing. There are some grey areas or varying
>degrees of responsiveness and speed and, definitely, using
>blacklists in the way that SURBL does puts a new level of
>burden or stress on DNS servers.

I generally avoid generalized statements.  I agree with you that it is not
always a yes or no answer.

>For example, if a DNS server is generally good, but does
>have a 12 millisecond response time (using an arbitrary number)
>due to being shared among dozens (or hundreds) of
>other servers, this 12 milliseconds gets multiplied out
>when a dozen SURBL lookups hit at practically the
>same instant. In this case, the message is dependent on
>ALL of these requests being answered before the message
>can continue. This can also cause the mail server to
>have to work more threads at any one given time...
>which can lead to additional scalability and performance
>issues.

If the DNS server has a response time of 12 milliseconds (an example of a 
fast response), the total lookup time is negligible.  If your DNS server 
has a 5 second response time (I have seen that), you will run into 
performance issues.

>Therefore, many DNS server situations which are more than
>adequate for regular situations may not be adequate for
>SURBL lookups.

Yes.  That is why one should verify whether the lookups are working
correctly before implementing a mail filter based on SURBL or any other RBL.

You can verify response time by running the tests at
http://www.surbl.org/faq.html#testpoints

Regards,
-sm 
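
The check discussed in this thread, as an added example that is not part of the original post or of SURBL's own tooling: it fires a batch of blocklist lookups at once, as a filter does for one message, and compares the time until the last answer arrives against a budget. The zone name `multi.surbl.org`, the function names, the budget value and the sample domains are assumptions made for the illustration.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor

ZONE = "multi.surbl.org"  # assumption: the post does not name a zone


def timed_lookup(name, resolver):
    """Return (name, listed, seconds) for one blocklist query."""
    start = time.monotonic()
    try:
        resolver(name)
        listed = True   # any A record is treated as "listed"
    except OSError:     # NXDOMAIN, SERVFAIL and timeouts all end up here
        listed = False
    return name, listed, time.monotonic() - start


def probe(domains, resolver=socket.gethostbyname, zone=ZONE, budget=1.0):
    """Query all domains concurrently and time the whole batch.

    The message can only continue once the slowest answer is in, so the
    wall-clock time of the batch is what gets compared to the budget.
    """
    names = [f"{d}.{zone}" for d in domains]
    start = time.monotonic()
    with ThreadPoolExecutor(max_workers=max(1, len(names))) as pool:
        results = list(pool.map(lambda n: timed_lookup(n, resolver), names))
    wall = time.monotonic() - start
    return {
        "results": results,
        "wall": wall,
        "slowest": max((r[2] for r in results), default=0.0),
        # What the same batch would cost if the lookups ran one by one.
        "serial_estimate": sum(r[2] for r in results),
        "within_budget": wall <= budget,
    }


if __name__ == "__main__":
    # Constructed sample: a dozen placeholder domains, as in the quoted example.
    sample = [f"example{i}.com" for i in range(12)]
    rep = probe(sample)
    print(f"wall {rep['wall'] * 1000:.0f} ms, "
          f"slowest {rep['slowest'] * 1000:.0f} ms, "
          f"serial estimate {rep['serial_estimate'] * 1000:.0f} ms, "
          f"within budget: {rep['within_budget']}")
```
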


