[Asrg] DNSxL notation for IPv6?
Chris Lewis
clewis at nortel.com
Tue Sep 18 15:49:37 EDT 2007
Matthias Leisi wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Douglas Otis schrieb:
>
>> Although the 64 bytes needed for reversed IPv6 address names impacts
>> reverse lookups, and schemes like rfc4025, returning an A record is not
>> a problem. The zone size for programs like rbldnsd will necessitate
>> additional servers.
>
> A large DNSBL has in the area of 5 mio entries. CPU and I/O load should
> not be a problem with IPv6 addresses.
One of the DSBL variants has around 11 million, and one of the SORBs
lists had 13m when I last looked. We have run with both CBL (5m
entries) and DSBL simultaneously, no problems.
Even when you combine them altogether into a single zone, where each
entry has its own A record, rbldnsd still behaves pretty nicely.
Our zone file is ~500mb, and we do several million queries per day, and
get sustained query rates of ~2-3 million/hour upon occasion. CPU is
still under ~5%.
Not a problem for reasonably modern hardware.
More information about the Asrg
mailing list