Everything posted by kaos.ocs
kaos.ocs posted a topic in Software Issues

Looking at a customer's DNS traffic (Ubuntu 10.04, bind9 1:9.7.0), I noticed repeated outgoing queries for some names under bl.spamcop.net. The names being queried are not listed in bl.spamcop.net, so they get NXDOMAIN. The NXDOMAIN response is not cached, so each mail attempt from these IP addresses results in a new query being sent to spamcop. Bind9 follows RFC2308 and treats the minimum ttl in the SOA as the cache time for NXDOMAIN responses. The NXDOMAIN response is not cached because the SOA for bl.spamcop.net has a 0 value for minimum ttl. Is this field set to 0 on spamcop by design? It significantly increases the number of DNS requests to spamcop. Some DNSRBL sites have a non-zero value for minimum ttl on the order of 10-60 minutes, so they are not hit with repeated queries for the same name. Digging through the bind9 source code, there is an undocumented config option, min-ncache-ttl. I set this to 300 seconds and the query rate to spamcop dropped way off. However, I don't like overriding values like this without knowing the reason for the original setting.
kaos.ocs replied to kaos.ocs's topic in Software Issues

Spamcop is only used for email. It's a small ISP, about 3M email attempts a day, of which 2.2M are rejected by one RBL or another. All the RBL positives are cached and so are the NXDOMAIN responses from other RBLs; AFAICT it is only the spamcop NXDOMAIN responses that are not being cached. I'm just trying to reduce the network load and delay for legitimate senders.
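The two posts above turn on one rule from RFC 2308: a resolver caches an NXDOMAIN for min(SOA RR TTL, SOA MINIMUM field), so a MINIMUM of 0 means every repeated DNSBL lookup for an unlisted sender goes upstream again. The Python below is an added worked example, not code from the thread or from BIND. It parses dig-style SOA lines, computes the negative TTL, and simulates a resolver's negative cache over a burst of repeated lookups, with an optional floor that models the resolver-side `min-ncache-ttl` setting the poster found. The zone `bl.example.test`, its SOA values and the lookup timeline are constructed stand-ins (the real bl.spamcop.net SOA is not reproduced); the 10800-second ceiling is BIND's documented default for `max-ncache-ttl`.

```python
"""RFC 2308 negative-caching arithmetic applied to DNSBL lookups (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class SOA:
    """The two SOA values that matter for negative caching (constructed type)."""
    zone: str
    ttl: int       # TTL of the SOA resource record itself
    minimum: int   # last RDATA field: the negative-caching TTL per RFC 2308


def parse_soa_line(line: str) -> SOA:
    """Parse one SOA answer line in dig's presentation format:
    NAME TTL IN SOA MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
    """
    parts = line.split()
    if len(parts) != 11 or parts[2] != "IN" or parts[3] != "SOA":
        raise ValueError(f"not an SOA line: {line!r}")
    return SOA(zone=parts[0].rstrip("."), ttl=int(parts[1]), minimum=int(parts[10]))


def negative_ttl(soa: SOA, min_ncache_ttl: int = 0, max_ncache_ttl: int = 10800) -> int:
    """RFC 2308 section 5: an NXDOMAIN is cached for min(SOA MINIMUM, SOA TTL).
    min_ncache_ttl models a resolver-side floor (the poster's min-ncache-ttl);
    max_ncache_ttl models the ceiling (BIND's max-ncache-ttl, default 3 hours)."""
    ttl = min(soa.minimum, soa.ttl)
    ttl = max(ttl, min_ncache_ttl)
    return min(ttl, max_ncache_ttl)


def upstream_queries(lookups, soa: SOA, min_ncache_ttl: int = 0) -> int:
    """Simulate a resolver's negative cache over (timestamp, name) lookups that
    all answer NXDOMAIN. Returns how many had to be sent upstream; the rest
    were served from the negative cache. A TTL of 0 means nothing is cached."""
    ttl = negative_ttl(soa, min_ncache_ttl)
    expires = {}   # name -> time at which its cached NXDOMAIN expires
    sent = 0
    for t, name in sorted(lookups):
        if name in expires and t < expires[name]:
            continue            # still within the negative TTL: answered locally
        sent += 1
        expires[name] = t + ttl
    return sent


# Constructed SOA lines (serial, refresh, retry, expire values are made up).
SOA_MIN_ZERO = ("bl.example.test. 3600 IN SOA ns.example.test. "
                "hostmaster.example.test. 1 3600 900 604800 0")
SOA_MIN_600 = ("bl.example.test. 3600 IN SOA ns.example.test. "
               "hostmaster.example.test. 1 3600 900 604800 600")

# Constructed workload: three unlisted senders (reversed-octet DNSBL names),
# each retrying every 30 seconds for five minutes, i.e. 30 lookups in total.
LOOKUPS = [(t, f"{ip}.bl.example.test")
           for ip in ("10.0.0.192", "20.0.0.192", "30.0.0.192")
           for t in range(0, 300, 30)]


if __name__ == "__main__":
    zero = parse_soa_line(SOA_MIN_ZERO)
    nonzero = parse_soa_line(SOA_MIN_600)
    print("MINIMUM=0, no floor   :", upstream_queries(LOOKUPS, zero), "upstream queries")
    print("MINIMUM=600           :", upstream_queries(LOOKUPS, nonzero), "upstream queries")
    print("MINIMUM=0, floor 300s :", upstream_queries(LOOKUPS, zero, 300), "upstream queries")
```

Run stand-alone, the script shows the behaviour the thread describes: with a MINIMUM of 0 all 30 lookups reach the upstream server, whereas either a non-zero MINIMUM on the zone or a resolver-side floor collapses them to one query per sender. Note that a floor shorter than the retry interval only helps partially, which the 60-second case in the checks below illustrates.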