
List:       bind-users
Subject:    Independent DNS cache in mail servers
From:       Alessandro Vesely <vesely () tana ! it>
Date:       2023-01-29 13:21:06
Message-ID: 532a80a0-8030-dbdd-3606-6d6423227445 () tana ! it

Hi,

I forked libopendkim, an abandonware library implementing DKIM signatures for 
email messages.  It has a QUERY_CACHE compile-time option which enables usage 
of a Berkeley DB to store DKIM keys.  If the option is enabled, the local cache 
is looked up before querying the DNS, and keys are cached after retrieving them 
from DNS.  TTLs are also cached and checked.  That happens on each received 
email message.

I never used that option.  I think a mail server deserves a dedicated caching 
resolver.  However, a user of mine succeeded, with some difficulty, in enabling 
that option, although he says he doesn't know whether it's actually useful. 
Hence I thought I would ask here for opinions:  Is QUERY_CACHE a totally useless 
code bloat that I should remove?  Or is it possibly useful and I should 
integrate it better?

DKIM keys typically use RSA, resulting in fatty keys, but usually within UDP 
sizes.  Although someone generates a new key for every message, most domains use 
the same key for months if not years.  Nevertheless, TTLs range from a few 
minutes to a few hours.

What do you think?


Best
Ale
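
The lookup order described in the message (check the local cache, fall back to DNS, store the answer together with its TTL) is shown below as an added example; it is not part of the original post and is not libopendkim's code. It assumes a small in-memory table in place of the Berkeley DB, and `key_lookup`, `fake_dns_txt` and the sample record are hypothetical names and constructed values.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define SLOTS 64
struct entry { char name[256]; char txt[1024]; time_t expires; };
static struct entry cache[SLOTS];
static int dns_queries;   /* lookups that went past the cache */

/* Constructed stand-in for a DNS TXT query; record and TTL are sample values. */
static int fake_dns_txt(const char *name, char *txt, size_t len, unsigned *ttl)
{
    (void)name;
    snprintf(txt, len, "v=DKIM1; k=rsa; p=CONSTRUCTED%d", ++dns_queries);
    *ttl = 300;
    return 0;
}

/* Cache first, then DNS; returns 0 on success. Names are assumed lower-cased. */
int key_lookup(const char *name, time_t now, char *txt, size_t len)
{
    unsigned h = 5381, ttl;
    for (const char *p = name; *p; p++)
        h = h * 33 + (unsigned char)*p;
    struct entry *e = &cache[h % SLOTS];

    if (strcmp(e->name, name) == 0 && now < e->expires) {
        snprintf(txt, len, "%s", e->txt);   /* fresh hit, no query sent */
        return 0;
    }
    if (fake_dns_txt(name, txt, len, &ttl) != 0)
        return -1;
    if (strlen(name) < sizeof e->name && strlen(txt) < sizeof e->txt) {
        strcpy(e->name, name);              /* replaces expired or colliding entry */
        strcpy(e->txt, txt);
        e->expires = now + (time_t)ttl;     /* absolute expiry derived from the TTL */
    }
    return 0;
}

int main(void)
{
    char txt[1024];
    for (time_t t = 1000; t <= 1300; t += 150)
        if (key_lookup("sel._domainkey.example.com", t, txt, sizeof txt) == 0)
            printf("t=%ld queries=%d %s\n", (long)t, dns_queries, txt);
    return 0;
}
```

Because an entry is never served at or past its expiry, a rotated or revoked key is picked up on the first lookup after the TTL runs out.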