[69725] in North American Network Operators' Group


Re: Anyone from AT&T here? (AT&T bogus DNSBL answers)

daemon@ATHENA.MIT.EDU (Michael.Dillon@radianz.com)
Mon Apr 19 11:59:55 2004

In-Reply-To: <Pine.LNX.4.44.0404180032290.21648-100000@mailbox.prolocation.net>
To: nanog@merit.edu
From: Michael.Dillon@radianz.com
Date: Mon, 19 Apr 2004 16:54:53 +0100
Errors-To: owner-nanog-outgoing@merit.edu


> > "I finally talked to someone who knows what the problem is.  Your sbl sites
> > have been blocked by the standard DNS forwarders supplied by ATT. This is
> > due to the workload being generated on them from mailservers."
> 
> Duh! This is really dumb. 

It's not dumb at all.

DNSBLs are using the DNS to do general purpose database
lookups instead of using a generic database lookup 
protocol like LDAP. It's not surprising that this sort
of ugly hack has unintended side effects. After all, people
who build DNS infrastructure intend it to be used
for generic DNS translations, not generic database lookups.

Funny thing is that most mailer software that uses
DNSBLs also supports LDAP database lookups so there is
really no good reason why DNSBLs exist in the first
place.

IMHO, the DNSBL experiment has proved the usefulness
of having a variety of blacklist/whitelist/greylist databases
for mail servers to query. It's high time that folks
shift these databases onto a protocol that does not interfere
with the Internet's critical DNS systems and I believe that
LDAP is that protocol.

--Michael Dillon
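Added example, not part of the original post or of any list operator's code: it shows the "DNS as a database" mechanism the post objects to, and the sanity check a mail server should run before trusting a list when something upstream (such as a blocking or rewriting forwarder, the subject of this thread) may be answering in the list's place. Query-name construction and the 127.0.0.0/8 answer convention follow RFC 5782; the zone name `dnsbl.example.net`, the two resolver stand-ins and all answers are constructed for the example.

```python
import ipaddress
from typing import Callable, Dict, List, Optional

# Hypothetical list zone used for illustration; not from the original post.
EXAMPLE_ZONE = "dnsbl.example.net"

# A resolver is modelled as a callable taking a query name and returning the
# A-record answers as strings, or None for NXDOMAIN (address not listed).
Resolver = Callable[[str], Optional[List[str]]]


def dnsbl_query_name(address: str, zone: str = EXAMPLE_ZONE) -> str:
    """Build the DNSBL query name for an address (RFC 5782 conventions).

    IPv4: the four octets reversed. IPv6: the address expanded to 32 hex
    nibbles, reversed. Appended to the list zone, so the lookup is an
    ordinary A query against a DNS zone acting as a database.
    """
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        labels = str(ip).split(".")
    else:
        labels = list(ip.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def interpret_answer(answers: Optional[List[str]]) -> Dict[str, object]:
    """Decode the A-record answer of a DNSBL query.

    A listed address answers with addresses in 127.0.0.0/8, the last octet
    being a list-specific reason code; NXDOMAIN means not listed. An answer
    outside 127/8 means something between the mail server and the list is
    substituting its own data, so it is flagged and never counted as a listing.
    """
    if answers is None:
        return {"listed": False, "codes": [], "bogus": False}
    codes: List[int] = []
    bogus = False
    for a in answers:
        ip = ipaddress.ip_address(a)
        if ip.version == 4 and ip in ipaddress.ip_network("127.0.0.0/8"):
            codes.append(int(a.split(".")[-1]))
        else:
            bogus = True
    return {"listed": bool(codes) and not bogus, "codes": sorted(codes), "bogus": bogus}


def check_address(resolver: Resolver, address: str, zone: str = EXAMPLE_ZONE) -> Dict[str, object]:
    return interpret_answer(resolver(dnsbl_query_name(address, zone)))


def list_is_sane(resolver: Resolver, zone: str = EXAMPLE_ZONE) -> bool:
    """Probe the RFC 5782 test entries before trusting a list: 127.0.0.2 must
    be listed and 127.0.0.1 must not be. A forwarder that blocks the zone
    (NXDOMAIN for everything) or rewrites it (one fixed answer for everything)
    fails here, and the list should then be skipped rather than used to
    reject mail."""
    positive = check_address(resolver, "127.0.0.2", zone)
    negative = check_address(resolver, "127.0.0.1", zone)
    return bool(positive["listed"]) and not negative["listed"] and not negative["bogus"]


# Constructed sample data: a healthy list zone, and a forwarder that answers
# every name under the zone with the same unrelated address.
HEALTHY_ZONE: Dict[str, List[str]] = {
    "2.0.0.127." + EXAMPLE_ZONE: ["127.0.0.2"],
    "1.2.0.192." + EXAMPLE_ZONE: ["127.0.0.2", "127.0.0.4"],
}


def healthy_resolver(name: str) -> Optional[List[str]]:
    return HEALTHY_ZONE.get(name)


def rewriting_resolver(name: str) -> Optional[List[str]]:
    # Constructed: every query under the zone gets one fixed non-127/8 answer.
    return ["192.0.2.53"] if name.endswith("." + EXAMPLE_ZONE) else None


if __name__ == "__main__":
    for label, resolver in (("healthy", healthy_resolver), ("rewriting", rewriting_resolver)):
        print(label, "sane:", list_is_sane(resolver), check_address(resolver, "192.0.2.1"))
```

The sanity probe is cheap (two extra queries per list per check interval) and turns the failure mode described in the thread from silently rejecting or silently accepting all mail into a detectable condition.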

