Re: [exim] How to handle DNS timeout delays when spam RBL is…

Author: Michael Sprague
Date:  
To: exim-users
Subject: Re: [exim] How to handle DNS timeout delays when spam RBL is under DDoS attack?
On Wed, Aug 15, 2007 at 05:28:10AM -0700, Alexander Perlis wrote:
<SNIP>
> So I ask again: does anyone know how to get Exim to keep track of
> timed-out DNS lookups against the local cache and not repeatedly retry
> such lookups on each SMTP conversation?


I don't think exim should handle DNS on its own, personally. I remember
hearing about some DNS software that does or can do negative caching.
I'm not sure if djbdns falls into that category.

By negative caching I mean that it will remember that it was unable to
reach any of the nameservers for the domain in question. Then when a
request comes in for anything in that domain, it will return a failure
immediately. Of course how long it would keep the entry in the negative
cache would be configurable. At least this way exim wouldn't be waiting
around for 30 seconds.

Another idea. If the RBL allows it, you could grab a copy of the zone
and run it locally.

Just some thoughts. :)

mikeS

-- 
Michael F. Sprague     | mfs@???
http://www.saneinc.net | System and Network Engineering (SaNE), Inc
Providers of the SpamOnion anti-spam service
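
Added example, not part of the message above and not Exim or resolver code: a small Python model of the negative caching described there, where a zone whose nameservers timed out is remembered for a configurable period and later lookups in that zone fail immediately. The class, function and zone names are hypothetical, and `fake_resolve` is a constructed stand-in for a real resolver call.

```python
import time


class LookupTimeout(Exception):
    """No nameserver for the zone answered within the resolver's timeout."""


class ZoneNegativeCache:
    """Remembers zones whose nameservers were unreachable and fails fast."""

    def __init__(self, resolve, ttl=300.0, clock=time.monotonic):
        self._resolve = resolve    # callable(fqdn) -> list of A records
        self._ttl = ttl            # seconds a zone stays marked unreachable
        self._clock = clock        # injectable so the expiry can be tested
        self._unreachable = {}     # zone -> time at which the entry expires

    def check(self, client_ip, zone):
        """Return 'listed', 'not_listed' or 'unavailable' for an IPv4 client."""
        zone = zone.lower().rstrip(".")
        expiry = self._unreachable.get(zone)
        if expiry is not None:
            if self._clock() < expiry:
                return "unavailable"      # immediate failure, no DNS traffic
            del self._unreachable[zone]   # entry aged out, try the zone again
        reversed_ip = ".".join(reversed(client_ip.split(".")))
        try:
            answers = self._resolve(f"{reversed_ip}.{zone}")
        except LookupTimeout:
            # One slow lookup is paid; later queries for this zone are not.
            self._unreachable[zone] = self._clock() + self._ttl
            return "unavailable"
        return "listed" if answers else "not_listed"


def demo():
    # Constructed scenario: one zone unreachable, one healthy, fake clock.
    now = [0.0]
    calls = []
    def fake_resolve(fqdn):            # stands in for a real resolver call
        calls.append(fqdn)
        if fqdn.endswith(".dead-rbl.example"):
            raise LookupTimeout(fqdn)
        return ["127.0.0.2"] if fqdn.startswith("9.2.0.192.") else []
    cache = ZoneNegativeCache(fake_resolve, ttl=60.0, clock=lambda: now[0])
    ips = ["192.0.2.9", "192.0.2.10"]
    results = [cache.check(ip, z) for z in ("dead-rbl.example", "ok-rbl.example") for ip in ips]
    now[0] = 61.0                      # negative entry has expired
    results.append(cache.check("192.0.2.11", "dead-rbl.example"))
    return results, calls
```

Only the first query against the unreachable zone reaches the resolver; the second returns at once, and the zone is tried again after the TTL expires.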