Re: [Asrg] DNSxL notation for IPv6?

From: Chris Lewis <clewis(at)nortel.com>
Date: Tue Sep 18 2007 - 15:49:37 EDT

Matthias Leisi wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Douglas Otis schrieb:
>

>> Although the 64 bytes needed for reversed IPv6 address names impacts
>> reverse lookups, and schemes like rfc4025, returning an A record is not
>> a problem.  The zone size for programs like rbldnsd will necessitate
>> additional servers.   

>
> A large DNSBL has in the area of 5 mio entries. CPU and I/O load should
> not be a problem with IPv6 addresses.

One of the DSBL variants has around 11 million, and one of the SORBs lists had 13m when I last looked. We have run with both CBL (5m entries) and DSBL simultaneously, no problems.

Even when you combine them altogether into a single zone, where each entry has its own A record, rbldnsd still behaves pretty nicely.

Our zone file is ~500mb, and we do several million queries per day, and get sustained query rates of ~2-3 million/hour upon occasion. CPU is still under ~5%.

Not a problem for reasonably modern hardware.

---

Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg Received on Tue Sep 18 16:02:03 2007