Re: DNS and hostname hiding: my experience FWIW

Author: Greg A. Woods
Date:  
To: exim-users
Subject: Re: DNS and hostname hiding: my experience FWIW
[ On Thu, October 2, 1997 at 17:04:36 (+0100), Chris Thompson wrote: ]
> Subject: Re: DNS and hostname hiding: my experience FWIW
>
> The point is that MTAs like Exim, at any rate, are going to collect the
> complete set of possible recipient IP addresses, working through multiple
> MX's and multiple A's, during a routing phase. This is quite a lot of
> resolver calls with any of these schemes, and one really does want the
> results to be cached in a local nameserver for a decent interval thereafter.


Yes, this is quite true.

Note though that resolvers like lbnamed usually return only one record,
often with a TTL of 0, per request. In theory this will be the best
server to connect to at that instant (i.e. it should be at least up and
running and may even be the one with the smallest current load). If
these one-off selective responses are cached any length of time they'll
possibly be self-defeating and even less useful than plain old
round-robin responses, but if they have a TTL of 0 (which is the case
for one largish ISP that tried to use lbnamed to manage MXs), then
there'll be a DNS lookup (presumably the A's for the targets will be
cachable and eventually will all be locally cached) for every mail
delivery. (In the case I refer to approximately 50-70% of the MX queries
were failing to return anything in time, and since many resolvers don't
retry with a TCP connect when the UDP request times out, the result
was 'no such host'!)

Compuserve's MX target host A records are handed out with a TTL of 24
hours these days, so in theory a local cache will greatly reduce DNS
traffic for mail servers which often route to these mailers.

Unfortunately if the local DNS cache is running BIND then the multiple A
records for a configuration like Compuserve's will not be round-robin
rotated (though I think exim randomises them so this isn't a problem for
all mailers). This may force the target mailers to run with limiters on
the number of connections they accept (esp. if the source of their mail
is a relatively concentrated number of mailers) and thus a sending
mailer may have to make several attempts before reaching one of the
listed MX hosts. (Still less overall IP traffic than some other
schemes....)

-- 
                            Greg A. Woods


+1 416 443-1734      VE3TCP      <gwoods@???>      <robohack!woods>
Planix, Inc. <woods@???>; Secrets of the Weird <woods@???>
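
The TTL trade-off discussed in the message above, as an added simulation that is not part of the original post: a TTL-honouring local cache sits in front of an authoritative server that, lbnamed-style, answers each MX query with a single target. The host names, the 192.0.2.x addresses, the 30-second delivery interval and the round-robin stand-in for "best server right now" are all assumptions made for illustration.

```python
class CachingResolver:
    """Minimal TTL-honouring cache in front of a simulated authoritative server."""
    def __init__(self, authority):
        self.authority = authority            # callable: (name, rtype) -> (ttl, records)
        self.cache = {}                       # (name, rtype) -> (expires_at, records)
        self.upstream = {"MX": 0, "A": 0}     # queries that had to leave the cache

    def lookup(self, name, rtype, now):
        hit = self.cache.get((name, rtype))
        if hit and now < hit[0]:
            return hit[1]
        self.upstream[rtype] += 1
        ttl, records = self.authority(name, rtype)
        if ttl > 0:                           # a TTL of 0 must never be cached
            self.cache[(name, rtype)] = (now + ttl, records)
        return records

def make_authority(mx_ttl, a_ttl=86400, hosts=4):
    # Constructed zone data: four MX targets, A records with a 24 hour TTL.
    targets = ["mx%d.example.net" % i for i in range(hosts)]
    state = {"next": 0}
    def authority(name, rtype):
        if rtype == "MX":
            # One target per answer; round-robin stands in for load-based choice.
            target = targets[state["next"] % hosts]
            state["next"] += 1
            return mx_ttl, [target]
        return a_ttl, ["192.0.2.%d" % (targets.index(name) + 1)]
    return authority

def simulate(mx_ttl, deliveries=1000, interval=30):
    """Return (upstream query counts, longest run of deliveries sent to one host)."""
    resolver = CachingResolver(make_authority(mx_ttl))
    prev, run, longest = None, 0, 0
    for n in range(deliveries):
        now = n * interval
        target = resolver.lookup("example.net", "MX", now)[0]
        resolver.lookup(target, "A", now)
        run = run + 1 if target == prev else 1
        longest = max(longest, run)
        prev = target
    return resolver.upstream, longest

if __name__ == "__main__":
    for ttl in (0, 3600):
        print("MX TTL", ttl, "->", simulate(ttl))
```

With an MX TTL of 0 every delivery costs an upstream MX query while the A records are fetched once each; with a one-hour MX TTL the query count collapses, but each single-record answer pins 120 consecutive deliveries to the same host.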

