Over in e-mail land, we've been pondering the behavior of spammers, who
will likely hop to a different IPv6 address for every spam. If you do rDNS
lookups, your cache will fill up with useless entries, maybe PTR, maybe
NXDOMAIN, it hardly matters. DNSBLs and DNSWLs, if done the same way as
they are in IPv4, have the same problem. These issues are well known in
the mail ops community, where it's now the standard advice not to try rDNS
lookups on incoming IPv6 mail.
Or you just tune the cache retention times. For NXDOMAIN/NODATA
that's 3 hours by default for named but could be tuned down to 10
minutes or lower without ill effects. RFC 2308 recommends 1-3 hours.
DNSBLs already set the min pretty low, e.g. 150 sec for Spamhaus.
Doesn't really matter how low it is if you have so many entries that they
force out the useful ones.
I also don't see the point in worrying about this. Caches cope
with spammers using a different From domains on each piece of email
which is looked up in the DNS.
Modern spam filters don't usually look up the author domain, since it's
usually a genuine address taken from the spam list so it's unrelated to
the real sender. Even if they did, universe of domains that exist is a
vastly smaller set than even IPv4 addresses, and one which caches pretty
well since so many of them are at large sites like Yahoo and Hotmail.
In any event, we can argue about how good or bad an idea it is to use IPv6
rDNS, but that's tangential to the issues of deciding what are reasonable
applications for the DNS. If you're right and rDNS caches well, it's a
good application for DNS. If I'm right and it doesn't cache at all, it's
not such a good application.
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for
Please consider the environment before reading this e-mail. http://jl.ly
Ietf mailing list