[Asrg] DNSxL notation for IPv6?
Matthias Leisi
matthias at leisi.net
Tue Sep 18 14:06:58 EDT 2007
Steve Atkins wrote:
>> Besides the bandwidth argument (is this a valid argument?)
>
> Not really, no. You'd need to do the packet stuffing math and
> some IP range distributions and suchlike to demonstrate that
> the difference in size relative to fixed overhead isn't that great,
> but it's really not a big deal.
Based on this argument (including the on-the-wire format) and
considering John L.'s DNSxL BCP, it seems reasonable to keep PTR-style
lookups.
> Another interesting question would be "Would you ever check
> for anything smaller than a /64?".
Rarely, I guess, but that's rather a policy decision and should not have
an influence on the protocol.
> And, should there be an "I'm not dead" entry (127.0.0.2), and
> perhaps an "I am dead" entry or response?
>
> And, should the response not just say "This /128 is listed", but
> rather "This /128 is listed as part of this larger /52" ?
And one may want to query something like "Which [how many, ...] addresses
in this /52 are listed?". But this is not IPv6 specific - it's something
I'd like to see for IPv6 DNSxLs as well.
I'm aware of lists that will return a 127/8 response if some threshold
of a range is listed, but a more powerful query/response mechanism would
help, e.g., to aggregate reputation scores from multiple sources.
> I suspect these questions, and many more like them, are already
> being touched on as part of the DNSBL BCP stuff people are
> looking at, but I've not looked at recent drafts so I'm not sure.
Partially - it is (rightly so) mostly a codification of what is
currently out there.
-- Matthias
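The PTR-style lookup and the on-the-wire size question discussed in this message, as an added example that is not part of the original thread: it builds the nibble-reversed IPv6 query name, shows which labels all addresses in a /52 or /64 share, and compares QNAME sizes with an IPv4 lookup. The zone `dnsxl.example` and all function names are assumptions made for illustration.

```python
import ipaddress

ZONE = "dnsxl.example"  # hypothetical DNSxL zone, not one named in the thread


def v4_name(addr, zone=ZONE):
    """Classic IPv4 DNSxL name: octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(addr)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def v6_ptr_style_name(addr, zone=ZONE):
    """PTR-style IPv6 name: all 32 nibbles reversed, one label each."""
    nibbles = f"{int(ipaddress.IPv6Address(addr)):032x}"
    return ".".join(reversed(nibbles)) + "." + zone


def shared_labels(addr, prefix_len):
    """Labels every address in the enclosing prefix has just before the zone."""
    if prefix_len % 4 or not 0 < prefix_len <= 128:
        raise ValueError("prefix must fall on a nibble boundary")
    net = ipaddress.IPv6Network((addr, prefix_len), strict=False)
    nibbles = f"{int(net.network_address):032x}"[: prefix_len // 4]
    return ".".join(reversed(nibbles))


def qname_wire_len(name):
    """QNAME size on the wire: a length byte per label plus the root byte."""
    return sum(1 + len(label) for label in name.split(".")) + 1


if __name__ == "__main__":
    # Constructed sample addresses from the documentation ranges.
    v4 = v4_name("192.0.2.1")
    v6 = v6_ptr_style_name("2001:db8:1234:5678::1")
    print(v4, qname_wire_len(v4))
    print(v6, qname_wire_len(v6))
    print("shared by the /52:", shared_labels("2001:db8:1234:5678::1", 52))
    print("shared by the /64:", shared_labels("2001:db8:1234:5678::1", 64))
```
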