[RPZ] RPZ Findings.
Paul Vixie
paul at redbarn.org
Fri Dec 21 04:03:50 UTC 2012
On 2012-12-20 8:09 PM, Augie Schwer wrote:
> Overall the RPZ zones have little impact on traffic.
>
> I captured three hours of traffic across three of our most popular DNS
> hosts for a total of 755,938 queries. Of those queries only 1403 queries
> generated an RPZ hit -- for a ratio of 0.18%.
try the trick i described here:
http://www.circleid.com/posts/using_domain_filtering_to_effect_ip_address_filtering/
this may give you a higher hit rate.
> The most effective RPZ zone was the rpz.spamhaus.org
> <http://rpz.spamhaus.org> zone; accounting
> for 61.9% of the RPZ hits; rpz.surbl.org <http://rpz.surbl.org>
> accounted for the remaining hits.
order matters. you should give each one a chance to be first in the
subscription list. otherwise the things that either one would have
stopped will be logged only as matching the first one in the
subscription list.
> This is in an ISP environment.
755K / 3 servers / 3 hours is ~100K/hour. that's... a very small ISP in
the grand scheme of things. you may not have a large enough customer
base to be a good statistical sample for any RPZ, no matter what order
you're trying them in.
paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.redbarn.org/pipermail/dnsfirewalls/attachments/20121221/aa3071f5/attachment.htm>
More information about the DNSfirewalls
mailing list