RRL probably not useful for DNS IP blacklists,

Noel Butler noel.butler at ausics.net
Tue Sep 24 21:37:02 UTC 2013


On Tue, 2013-09-24 at 13:40 +0000, Vernon Schryver wrote:

> > From: Noel Butler <noel.butler at ausics.net>
> 
> > We used to run our int bl on bind, it was a resource hog compared to
> > rbldnsd
> > But there is no way in hell, I'd run rbldnsd  on anything else other
> > than a BL,
> >
> > IMO, they are both designed to do different things, and they both do
> > their own thing, much better than the other because of it.
> 
> 10 years ago rbldnsd was the right choice for a DNSBL.  Today rbldnsd
> is an egregious mistake engrained in the uninformed and unexamined
> preconceptions and prejudices of DNSBL users.  The hand wringing about
> IPv6 spam ending the usefulness of DNSBLs and the proposals to put
> B-trees into the DNS wire protocol make sense only if you assume that rsync
> is the only way to distribute DNSBL data and that wildcards cannot be
> used in DNSBLs because rbldnsd didn't like them and that rsync is the
> only way to distribute DNSBL data.
> 
> 


- rbldnsd blocks ipv6 spammers just as good as ipv4 spammers (I'm
  assuming that's part of your whinge?)
- combined zones use *exponentially* less resources than bind, this alone
  makes it worth it
- as for normal resources, a rbldnsd zone is 106K lines, in bind it is 2M
  lines, because of its CIDR handling which is messy, and especially in
  tset zones
- there is more to DNSBLs than just transfers of zones

You clearly have a biased, set-in-concrete mindset about rbldnsd, maybe you
and its author hate each other's guts, I dunno, don't care, our decision
is based on real world live usage, tests, and experiences, for over ten
years of using rbldnsd and twenty with bind, so Vernon I suggest the
only person here who is "hand wringing" as you put it, is yourself,
whatever your problem is, get over it.
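
The zone-size figures in the message above relate to how a CIDR range maps onto DNS owner names in a conventional zone file. As an added illustration (not code from either poster, from rbldnsd or from BIND), this Python sketch expands IPv4 CIDRs into zone-file records, using a wildcard only where the range can be cut at an octet boundary; the 127.0.0.2 answer, the function names and the sample ranges are assumptions.

```python
import ipaddress

RETURN_A = "127.0.0.2"  # assumed "listed" answer, a common DNSBL convention

def zone_records(cidr):
    """Zone-file lines (owner names relative to the DNSBL origin) for one IPv4 CIDR."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("IPv4 only in this sketch")
    if net.prefixlen == 32:
        octets = str(net.network_address).split(".")
        return [f"{'.'.join(reversed(octets))} IN A {RETURN_A}"]
    # Round the prefix up to the next octet boundary (/8, /16, /24 or /32).
    boundary = max(8, -(-net.prefixlen // 8) * 8)
    if boundary == 32:
        # /25 to /31: no wildcard fits, so every address gets its own record.
        return [rec for host in net for rec in zone_records(f"{host}/32")]
    keep = boundary // 8  # number of leading octets that stay fixed
    records = []
    for sub in net.subnets(new_prefix=boundary):
        fixed = str(sub.network_address).split(".")[:keep]
        # One wildcard covers every name below the reversed fixed octets.
        records.append(f"*.{'.'.join(reversed(fixed))} IN A {RETURN_A}")
    return records

def expand(cidrs):
    """Flatten a list of CIDRs into zone lines; the length is the zone's size."""
    return [rec for cidr in cidrs for rec in zone_records(cidr)]

# Constructed sample list using documentation address ranges.
SAMPLE = ["192.0.2.0/24", "198.51.100.0/25", "198.51.96.0/20", "203.0.113.7/32"]

if __name__ == "__main__":
    lines = expand(SAMPLE)
    print(f"{len(SAMPLE)} CIDR entries -> {len(lines)} zone-file records")
    for cidr in SAMPLE:
        print(f"{cidr:18} {len(zone_records(cidr)):4} record(s)")
```

Prefixes that end inside the last octet are where the record count grows fastest in this mapping, since each address becomes its own line.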

