ietf-asrg

Re: [Asrg] DNSxL notation for IPv6?

2007-09-18 11:29:22

Douglas Otis wrote:

> Although the 64 bytes needed for reversed IPv6 address names impact
> reverse lookups, and schemes like rfc4025, returning an A record is not
> a problem.  The zone size for programs like rbldnsd will necessitate
> additional servers.

A large DNSBL has in the area of 5 million entries. CPU and I/O load should
not be a problem with IPv6 addresses.

> The sheer number of IPv6 addresses impairs
> establishing reputations, even at /64 CIDRs.  IPv6 reputations are

Even IPv4-based reputation suffers from a scaling problem.

<shameless plug>That's why I believe that "enumerating goodness" is more
powerful in the long run than "enumerating badness" and my motivation
for building up dnswl.org</shameless plug>

> unlikely to prove an effective deterrent and will likely cause the
> number of routes to explode even more rapidly.  Placing all your
> fingers, toes, and other body parts in the IPv6 spam source dam is
> likely to be a wasted and ill-considered effort.  This effort will enjoy
> greater cache miss rates, increased packet sizes, a massive and
> expensive database, and more routes.  There are better approaches that
> do not depend upon the IP address as an identifier.

ACK, IP addresses are just one element. OTOH, as long as signing
mechanisms are not more widely deployed, and as long as domain names are
free (as in beer) for some purposes, IP addresses and associated
information (ranges, routes) remain important.

-- Matthias

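Added example, not part of the original message: how a DNSxL query name grows when an IPv6 address is written in the nibble-reversed form used for ip6.arpa, compared with the IPv4 form. The zone `dnsxl.example` is a placeholder, and the `prefix_len` truncation (one entry per /64) is a hypothetical convention used only to illustrate the /64 granularity mentioned in the thread.

```python
import ipaddress
from typing import Optional

ZONE = "dnsxl.example"  # placeholder zone, not a real list


def dnsxl_qname(addr: str, zone: str = ZONE,
                prefix_len: Optional[int] = None) -> str:
    """Build a DNSxL query name for an IPv4 or IPv6 address.

    IPv4 uses reversed octets; IPv6 uses reversed nibbles (ip6.arpa style).
    prefix_len (IPv6 only, multiple of 4) keeps only the network nibbles.
    This truncation is an assumed convention for per-prefix listing.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        if prefix_len is not None:
            raise ValueError("prefix_len applies to IPv6 only")
        labels = str(ip).split(".")[::-1]
    else:
        nibbles = ip.exploded.replace(":", "")  # always 32 hex digits
        if prefix_len is not None:
            if prefix_len % 4 or not 0 < prefix_len <= 128:
                raise ValueError("prefix_len must be a multiple of 4 in 4..128")
            nibbles = nibbles[: prefix_len // 4]
        labels = list(nibbles[::-1])
    return ".".join(labels) + "." + zone


def wire_length(qname: str) -> int:
    """Size of the name in DNS wire format: a length octet per label plus root."""
    labels = qname.rstrip(".").split(".")
    if any(not 1 <= len(label) <= 63 for label in labels):
        raise ValueError("each label must be 1..63 octets")
    total = sum(1 + len(label) for label in labels) + 1
    if total > 255:
        raise ValueError("name exceeds the 255-octet DNS limit")
    return total


if __name__ == "__main__":
    # Constructed sample addresses from the documentation ranges.
    for a, p in (("192.0.2.1", None), ("2001:db8::1", None), ("2001:db8::1", 64)):
        q = dnsxl_qname(a, prefix_len=p)
        print(f"{a:<12} /{p}: {q} ({wire_length(q)} octets on the wire)")
```

The full IPv6 address contributes 64 characters ahead of the zone name, against at most 16 for IPv4.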
