Walter Dnes wrote:
- If a server gets a query via IPV4, it should return an A record
- If a server gets a query via IPV6, it should return an AAAA record
That's IMO a bit exaggerated, DNSBLs in essence (ab)use one IPv4
127.0.0.2 to signal "listed". Extended to 127/8, maybe avoiding
127/31, to indicate also some kind of reason, e.g. defining sets
for the up to 32-8 (or 32-8-1) "free" bits in this range.
That's an ordinary DNS lookup for an A-record, no matter if this
is transported via IPv4, IPv6, or avian carrier to DNSBL servers.
And this is a feature, e.g., I have no IPv6. But I can check
if an IPv6 is listed, using the ip6.arpa format specified in
the draft. I implemented this some days ago, no problem.
An open question is which IPv6 could be used as test entry, to
check that a DNSBL is alive and supporting IPv6. The draft has
it clear that ::1 MUST NOT be listed (like 127.0.0.1), that is
good to find maniacs suddenly listing "the world" (it happened).
The draft proposes (or proposed if John changed it) to use ::2
as test entry (like 127.0.0.2). I wasn't sure if this is as it
should be, and proposed ::FFFF:127.0.0.2 (as the always listed
IPv6 test entry).
If you have a better proposal, or if you could tell us what is
dubious with ::2, or dubious with ::FFFF:127.0.0.2, this would
help us, as it is in essence the only open question.
DNSBLs don't need more "reason codes" than 127/8 (minus 127/31
in my parallel universe, but that is not a part of the draft).
Frank
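The lookup described in the message above, as an added example (not code from the post or from the draft): it builds the A-record query name for IPv4 and IPv6 addresses, reads the 127/8 answer, and runs the "never listed" and "always listed" checks. The zone `dnsbl.example`, the function names and the injected `resolve` callable are assumptions made so that the block runs offline.

```python
import ipaddress

ZONE = "dnsbl.example"  # hypothetical zone name (assumption)
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_qname(addr, zone=ZONE):
    """Build the A-record query name for an IPv4 or IPv6 address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))   # reversed octets
    else:
        labels = reversed(ip.packed.hex())      # reversed nibbles, ip6.arpa style
    return ".".join(labels) + "." + zone

def reason_bits(a_records):
    """Return the low 24 bits of each answer; reject answers outside 127/8."""
    bits = []
    for rec in a_records:
        ip = ipaddress.IPv4Address(rec)
        if ip not in LISTED_NET:
            raise ValueError(f"unexpected DNSBL answer {rec}")
        bits.append(int(ip) & 0xFFFFFF)
    return bits

def check_health(resolve, v6_test_entry, zone=ZONE):
    """resolve(qname) -> list of A-record strings ([] when nothing is listed)."""
    for canary in ("127.0.0.1", "::1"):         # must never be listed
        if resolve(dnsbl_qname(canary, zone)):
            return f"broken: lists {canary}"
    answers = resolve(dnsbl_qname(v6_test_entry, zone))
    if not answers:
        return f"no IPv6 test entry at {v6_test_entry}"
    reason_bits(answers)                        # raises if the answer is not in 127/8
    return "ok"

# Constructed sample data: a fake zone that lists ::2 and nothing else.
_FAKE = {dnsbl_qname("::2"): ["127.0.0.2"]}

def fake_resolve(qname):
    return _FAKE.get(qname, [])

if __name__ == "__main__":
    for candidate in ("::2", "::ffff:127.0.0.2"):
        print(candidate, "->", check_health(fake_resolve, candidate))
```

The query is an ordinary A lookup whichever transport carries it, so a client without IPv6 connectivity can run the same check by passing a real resolver function in place of `fake_resolve`.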