rbl-style zones?

Ed Allen Smith easmith at beatrice.rutgers.edu
Mon Apr 25 04:43:01 UTC 2005


In message <20050425032353.1133313971 at sa.vix.com> (on 25 April 2005 03:23:53
+0000), vixie at vix.com (Paul Vixie) wrote:
>hello bind workers.  it's been a while, i thought i'd share a conundrum.
>
>we've (isc) received another bug report concerning BIND9's greater use of
>memory (compared to BIND8) when loading and serving "rbl" style dns zones.

Indeed.

>the TXT RRs are just fluff, nothing uses them except sysadmins, who could
>be using SQL to store this stuff.

Not quite - some MTAs apparently will incorporate them in error
messages. Whether or not the sender (if incorrectly blocked) ever gets said
error messages depends on the competence of the sender's ISP, of course.

>most RBLs have a template TXT RR that's the same for all nodes, or even no
>TXT RRs at all (mostly to save space). so there are some alternatives in an
>rbl-zone storage design: (1) don't allow TXT RRs if this optimization is
>desired; (2) allow a template to be specified, sprintf-style, for answers
>to TXT queries where an associated "A" query would succeed (this is
>controversial, rr-specific synthesis),

What about a compromise between these - one TXT RR per address returned
(one for 127.0.0.2, one for 127.0.0.3, etcetera)?

>dave rand (the other co-founder of MAPS) and i have discussed this a few
>times over the years, and the obvious internal design is a 64K array of
>"class B"'s, each pointing to a 64K array of "A records".  this would be
>a disaster if every /16 had one /32 in it, and may call out
>for more of a tiered-by-octet array of pointers to arrays of pointers to
>arrays of pointers to addresses.  (that way it would take a /32 in every
>/24 to reach maximum memory pain.)

This is going to depend on the blocklist in question - some lists do blocks
of IP addresses (e.g., blackholes.us, dynamic IP blocklists, etcetera), some
do individual IP addresses (e.g., listings of open proxies/relays/etcetera).

>imagine a zone option like "subtype rbl;" to indicate that this is an RBL
>zone and that there can be no TXT or other non-A RRs other than at the apex.

"subtype blocklist;", please.

>my questions are:
>
>1. is this simplistic storage method too simplistic?
>
>2. is there demand in the BIND community for this feature?

It'd encourage us to go from BIND8 to BIND9.

     -Allen

-- 
Allen Smith                       http://cesario.rutgers.edu/easmith/
February 1, 2003                               Space Shuttle Columbia
Ad Astra Per Aspera                     To The Stars Through Asperity
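The tiered-by-octet store sketched in the quoted message, as an added illustration that is not part of this thread or of BIND's own code: one 256-way table per octet, with a block listing (/8, /16, /24) recorded as a single slot instead of 256 expanded children, so the memory cost grows with the number of distinct prefixes rather than with the number of /16s touched. It also stores one 127.0.0.x return code per listing, in the spirit of the one-TXT-per-address compromise above, and answers reversed-octet query names the way a DNSBL client sends them. The prefix lengths accepted (octet-aligned only), the `bl.example` zone name and the listed prefixes are constructed assumptions, not data from any real blocklist.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One 256-way table per octet level (the "array of pointers to arrays"
 * design from the thread). child[i] descends to the next octet; a
 * non-zero code[i] means everything under slot i is listed with return
 * address 127.0.0.<code>, so an aligned /8, /16 or /24 block is a single
 * byte here rather than 256 expanded children. */
typedef struct node {
    struct node *child[256];
    uint8_t code[256];
} node_t;

node_t *rbl_new(void) { return (node_t *)calloc(1, sizeof(node_t)); }

void rbl_free(node_t *n) {
    for (int i = 0; i < 256; i++)
        if (n->child[i]) rbl_free(n->child[i]);
    free(n);
}

/* Dotted quad -> four octets; -1 on anything malformed. */
static int parse_ip(const char *s, uint8_t oct[4]) {
    unsigned v[4];
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &v[0], &v[1], &v[2], &v[3], &tail) != 4)
        return -1;
    for (int i = 0; i < 4; i++) {
        if (v[i] > 255) return -1;
        oct[i] = (uint8_t)v[i];
    }
    return 0;
}

/* Insert "a.b.c.d" or "a.b.c.d/len" with len in {8,16,24,32}: only
 * octet-aligned blocks, which is what a tiered-by-octet store holds
 * natively (assumption). code is the x in 127.0.0.x; 0 means unlisted. */
int rbl_add(node_t *root, const char *cidr, uint8_t code) {
    char buf[32], *slash;
    uint8_t oct[4];
    unsigned len = 32;
    if (code == 0 || strlen(cidr) >= sizeof buf) return -1;
    strcpy(buf, cidr);
    if ((slash = strchr(buf, '/')) != NULL) {
        *slash = '\0';
        len = (unsigned)atoi(slash + 1);
    }
    if (len == 0 || len > 32 || len % 8 != 0 || parse_ip(buf, oct) != 0)
        return -1;
    node_t *n = root;
    unsigned depth = len / 8;                 /* tables to walk: 1..4 */
    for (unsigned i = 0; i + 1 < depth; i++) {
        if (!n->child[oct[i]]) n->child[oct[i]] = rbl_new();
        n = n->child[oct[i]];
    }
    n->code[oct[depth - 1]] = code;
    return 0;
}

static uint8_t lookup_octets(const node_t *n, const uint8_t oct[4]) {
    for (int i = 0; i < 4; i++) {
        if (n->code[oct[i]]) return n->code[oct[i]];  /* block listing wins */
        if (i == 3 || !(n = n->child[oct[i]])) return 0;
    }
    return 0;
}

/* Forward lookup of a dotted quad: the 127.0.0.x code, or 0 if unlisted. */
uint8_t rbl_lookup(const node_t *root, const char *ip) {
    uint8_t oct[4];
    return parse_ip(ip, oct) == 0 ? lookup_octets(root, oct) : 0;
}

/* Lookup by query name "d.c.b.a.<zone>", i.e. octets reversed the way
 * DNSBL clients send them. Names outside the zone answer 0. */
uint8_t rbl_lookup_qname(const node_t *root, const char *qname, const char *zone) {
    size_t ql = strlen(qname), zl = strlen(zone);
    char rev[16];
    uint8_t oct[4], fwd[4];
    if (ql <= zl + 1 || qname[ql - zl - 1] != '.' ||
        strcmp(qname + (ql - zl), zone) != 0 || ql - zl - 1 >= sizeof rev)
        return 0;
    memcpy(rev, qname, ql - zl - 1);
    rev[ql - zl - 1] = '\0';
    if (parse_ip(rev, oct) != 0) return 0;
    for (int i = 0; i < 4; i++) fwd[i] = oct[3 - i];
    return lookup_octets(root, fwd);
}

/* Number of 256-entry tables allocated; times sizeof(node_t) gives the
 * rough footprint (2304 bytes per table with 8-byte pointers). */
size_t rbl_node_count(const node_t *n) {
    size_t total = 1;
    for (int i = 0; i < 256; i++)
        if (n->child[i]) total += rbl_node_count(n->child[i]);
    return total;
}

/* Constructed sample listings (documentation prefixes, not a real blocklist). */
node_t *rbl_build_sample(void) {
    node_t *root = rbl_new();
    rbl_add(root, "192.0.2.0/24", 2);   /* whole /24: one slot, two extra tables */
    rbl_add(root, "203.0.113.7", 3);    /* single host: three extra tables */
    return root;
}

int main(void) {
    node_t *root = rbl_build_sample();
    printf("192.0.2.77 -> 127.0.0.%u\n", (unsigned)rbl_lookup(root, "192.0.2.77"));
    printf("7.113.0.203.bl.example -> 127.0.0.%u\n",
           (unsigned)rbl_lookup_qname(root, "7.113.0.203.bl.example", "bl.example"));
    printf("tables: %zu (~%zu bytes)\n", rbl_node_count(root),
           rbl_node_count(root) * sizeof(node_t));
    rbl_free(root);
    return 0;
}
```

The two sample listings allocate six tables in total (root, two under the /24, three under the /32), which is the worst case the quoted message describes: a lone /32 costs a full chain of tables, while a block listing costs nothing below the level at which it is recorded.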

