[Asrg] DNSxL notation for IPv6?

Douglas Otis dotis at mail-abuse.org
Tue Sep 18 13:57:13 EDT 2007


On Sep 18, 2007, at 6:20 AM, John Levine wrote:

>>> What would make sense, and what not?  What has already been tried?
>
> In my DNSxL draft, soon to be an RFC we hope, I say that it's  
> nibble reversed hex, the same as v6 rDNS.
>
>>> Besides the bandwidth argument (is this a valid argument?)
>>
>> I don't think so.  Reversed-nibble takes 64 bytes of DNS packet  
>> contents (alternating length bytes and nibble-in-ASCII-hex bytes);  
>> I don't consider this large enough to be an issue, especially  
>> since it will normally occur only once per packet, even if  
>> multiple records are returned, thanks to name compression.
>
> Quite right.  Any normal v6 query or response should fit in a 512  
> byte packet, and that's all that matters.

Nevertheless, IPv6 remains a problem for email.  IPv6 is problematic  
when attempting to construct ever larger and more dangerous SPF  
records, for example.

Section 1.3 indicates why reverse DNS lookup for IPv6 is being met  
with little enthusiasm.
http://tools.ietf.org/html/draft-ietf-dnsop-reverse-mapping-considerations-05

Although the 64 bytes needed for reversed IPv6 address names impact  
reverse lookups, and schemes like RFC 4025, returning an A record is  
not a problem.  The zone size for programs like rbldnsd will  
necessitate additional servers.   The sheer number of IPv6 addresses  
impairs establishing reputations, even at /64 CIDRs.  IPv6  
reputations are unlikely to prove an effective deterrent and will  
likely cause the number of routes to explode even more rapidly.   
Placing all your fingers, toes, and other body parts in the IPv6 spam  
source dam is likely to be a wasted and ill-considered effort.  This  
effort will enjoy greater cache miss rates, increased packet sizes, a  
massive and expensive database, and more routes.  There are better  
approaches that do not depend upon the IP address as an identifier.

-Doug
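
The nibble-reversed query name and the 64-byte figure quoted in this thread, worked through as an added example that is not part of the original message. The zone `dnsxl.example` and the address `2001:db8::1` are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

def v6_nibble_labels(addr: str) -> list[str]:
    """Return the 32 hex nibbles of an IPv6 address, least significant first."""
    ip = ipaddress.IPv6Address(addr)          # rejects malformed or IPv4 input
    return list(reversed(ip.exploded.replace(":", "")))

def dnsxl_qname(addr: str, zone: str) -> str:
    """Build the DNSxL query name: reversed nibbles followed by the list zone."""
    return ".".join(v6_nibble_labels(addr) + [zone.rstrip(".")])

def wire_encode(name: str) -> bytes:
    """Encode a domain name in uncompressed DNS wire format."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length: {label!r}")
        out.append(len(raw))                  # one length byte per label
        out += raw
    out.append(0)                             # root label terminates the name
    if len(out) > 255:
        raise ValueError("name exceeds 255 bytes")
    return bytes(out)

def query_size(qname: str) -> int:
    """Size of a single-question DNS query: header + QNAME + QTYPE/QCLASS."""
    return 12 + len(wire_encode(qname)) + 4

if __name__ == "__main__":
    # Constructed sample: documentation-prefix address, placeholder zone.
    qname = dnsxl_qname("2001:db8::1", "dnsxl.example")
    wire = wire_encode(qname)
    print(qname)
    print("nibble portion:", 2 * len(v6_nibble_labels("2001:db8::1")), "bytes")
    print("full QNAME:", len(wire), "bytes; query:", query_size(qname), "bytes")
```
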


  
       


