The expectation is that error messages generated from TXT records
contain the actual IP addresses which triggered the DNSBL lookups. As
a result, if you list a /16 (say), you need to publish 65,536 different
TXT records.
Some do, some don't. In any event I agree that DNSSEC is not ideally
suited to signing DNSBLs, but I would think that with some judicious
partitioning into subzones the problem wouldn't be intractable.
R's,
John
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf