At 11:44 PM -0500 2/8/07, Matt Sergeant wrote:
> On 8-Feb-07, at 11:21 PM, Douglas Otis wrote:
>> [...]
>> 3.3. Content of DNSBL Zone File SHOULD Be Limited.
>> The DNSBL "query root" SHOULD be below the registered domain, so
>> that the DNSBL information is not conflated with domain housekeeping
>> information (e.g., name server, MX or SPF records). By using this
>> approach, DNSBL queries would take the form of
>> "<query>.dnsbl.example.com" rather than "<query>.example.com".
>> ---
>> This would be a problem only when zone transfers are used to distribute
>> data.
> ... which covers all public DNSBLs, surely?
I think not. DNSBL operators seem to be very fond of rbldnsd, which
does not implement zone transfers. I can't speak for how Spamhaus
moves zones to its authoritative servers or in from primary sources
like the CBL, but their data feeds to big users are via rsync of
rbldnsd data.
HOWEVER, Mr. Otis is missing a more important aspect.
Putting a DNSBL right on a registered domain means that the roots for
the registry-level domain (i.e. the gtld-servers.net machines for a
.com) can be put in a bad spot for a shutdown. The recommended
shutdown procedure (as well as simply wiping out the zone) leaves any
ongoing DNS burden primarily on the nameservers for the parent zone
of the DNSBL, and it would be bad for DNSBL operators to dump that on
others.
--
Bill Cole
bill(_at_)scconsult(_dot_)com
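As an added illustration of the delegation argument in the message above (this is not code from the message, the draft, or any DNSBL operator), the following Python models two ways of placing a DNSBL and checks which zone's nameservers absorb the query load once the DNSBL zone is simply wiped out. The zone apexes and nameserver hostnames are constructed assumptions; the query-name construction follows the reversed-octet convention DNSBLs use (the IPv6 nibble form is a generalization beyond what the message discusses).

```python
import ipaddress

# Constructed delegation trees (assumptions for illustration only):
# zone apex -> nameservers authoritative for that zone.

# Case A: the DNSBL query root sits below the registered domain.
ZONES_QUERY_ROOT_BELOW = {
    "com": ["a.gtld-servers.net"],              # registry-level servers
    "example.com": ["ns1.example.com"],         # operator's housekeeping zone
    "dnsbl.example.com": ["rbl1.example.com"],  # the DNSBL zone itself
}

# Case B: the DNSBL data lives directly on the registered domain.
ZONES_ON_REGISTERED_DOMAIN = {
    "com": ["a.gtld-servers.net"],
    "example.com": ["rbl1.example.com"],        # DNSBL and domain conflated
}


def dnsbl_query_name(ip, query_root):
    """Build the DNSBL query name for an address under a query root.

    IPv4 uses reversed dotted octets; IPv6 uses reversed hex nibbles.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        rev = ".".join(reversed(str(addr).split(".")))
    else:
        nibbles = addr.exploded.replace(":", "")
        rev = ".".join(reversed(nibbles))
    return f"{rev}.{query_root}"


def closest_enclosing_zone(qname, zones):
    """Return the apex of the deepest configured zone enclosing qname.

    This mimics a resolver walking up from the query name: the first
    ancestor that still has a delegation is where the query ends up.
    """
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None  # nothing configured below the root


def serving_nameservers(qname, zones):
    """Return (zone apex, nameservers) that will field queries for qname."""
    apex = closest_enclosing_zone(qname, zones)
    return apex, (list(zones[apex]) if apex else [])


def shut_down(zones, dnsbl_apex):
    """Simulate the crude shutdown: delete the DNSBL zone and its delegation."""
    remaining = dict(zones)
    remaining.pop(dnsbl_apex, None)
    return remaining


def burden_after_shutdown(ip, query_root, zones, dnsbl_apex):
    """Where do lingering queries for `ip` land once the DNSBL zone is gone?"""
    qname = dnsbl_query_name(ip, query_root)
    return serving_nameservers(qname, shut_down(zones, dnsbl_apex))


if __name__ == "__main__":
    probe = "192.0.2.1"  # constructed sample address (documentation range)
    for label, zones, root in (
        ("query root below registered domain", ZONES_QUERY_ROOT_BELOW, "dnsbl.example.com"),
        ("DNSBL on the registered domain", ZONES_ON_REGISTERED_DOMAIN, "example.com"),
    ):
        print(label, "->", dnsbl_query_name(probe, root))
        print("  before shutdown:", serving_nameservers(dnsbl_query_name(probe, root), zones))
        print("  after shutdown: ", burden_after_shutdown(probe, root, zones, root))
```

In case A the leftover traffic falls on `example.com`'s own servers, which the operator controls; in case B it falls on the `.com` registry servers, which is the outcome the message warns against.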
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg