RRL probably not useful for DNS IP blacklists,
Noel Butler
noel.butler at ausics.net
Tue Sep 24 11:12:14 UTC 2013
On Mon, 2013-09-23 at 19:21 +0000, Vernon Schryver wrote:
> > > As a matter of interest, if one had a DNSBL with 5.5 million entries
> > > (i.e. 5.5 million IPs):
> > >
> > > 1) What needs to be done to rewrite that to a BIND zone?
> > > 2) What sort of machine would be required to load that zone?
> > > 3) How long would it take to load into BIND?
> >
Likely wouldn't have 5.5 mill IPs because you can fine grain it with any
CIDR (and exclude by /32 or any CIDR)
>
> By the way, how much smaller would that DNSBL be if it could use
> wildcards? I suspect a real (as opposed to synthetic) DNSBL has
> a lot of repetition in all except the last labels.
>
We used to run our int bl on bind; it was a resource hog compared to
rbldnsd.
But there is no way in hell I'd run rbldnsd on anything else other
than a BL.
IMO, they are both designed to do different things, and they both do
their own thing much better than the other because of it.
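
The size question raised in this exchange can be made concrete. The following is an added example, not code from the thread or from BIND or rbldnsd: it collapses a constructed list of addresses into CIDR blocks with an exclusion carved out, then counts the owner names a DNS zone would need if it used one wildcard per octet-aligned block. The origin `dnsbl.example.`, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def collapse(listed, excluded=()):
    """Merge listed IPs/CIDRs into the fewest networks, then carve out exclusions."""
    nets = list(ipaddress.collapse_addresses(ipaddress.ip_network(x) for x in listed))
    for ex in map(ipaddress.ip_network, excluded):
        kept = []
        for n in nets:
            if n.subnet_of(ex):
                continue                            # whole block is excluded
            if ex.subnet_of(n):
                kept.extend(n.address_exclude(ex))  # split the block around the hole
            else:
                kept.append(n)
        nets = kept
    return sorted(nets)

def zone_names(net, origin="dnsbl.example."):
    """Owner names a zone file needs for one network (reversed-octet DNSBL naming)."""
    aligned = -(-net.prefixlen // 8) * 8            # round prefix up to an octet boundary
    names = []
    for sub in net.subnets(new_prefix=aligned):
        octets = str(sub.network_address).split(".")[: aligned // 8]
        labels = list(reversed(octets))
        if aligned < 32:
            labels.insert(0, "*")                   # wildcard covers the remaining octets
        names.append(".".join(labels) + "." + origin)
    return names

# Constructed sample data (documentation address ranges only).
LISTED = [f"198.51.100.{i}" for i in range(256)] + ["192.0.2.0/25", "203.0.113.7"]
EXCLUDED = ["192.0.2.53"]

def summary():
    nets = collapse(LISTED, EXCLUDED)
    per_ip = sum(n.num_addresses for n in nets)
    wildcard = sum(len(zone_names(n)) for n in nets)
    return {"cidr_entries": len(nets), "zone_names_wildcard": wildcard,
            "zone_names_per_ip": per_ip}

if __name__ == "__main__":
    print(summary())
```

In this sample the single /32 exclusion forces the /25 back to per-address names in the zone form, while the CIDR form only splits it into seven blocks.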