ietf-asrg

Re: [Asrg] Another dnsbl draft, now standards flavored

2008-07-29 10:27:11
Tony Hansen wrote:
> My take:
>
> Think of DNSxL as an exercise in steganography: A few bits of information are encoded into something that looks an awful lot like an IP address and can be carried over a channel intended to transmit IP addresses. Otherwise it's an opaque value.
>
> The choice of 127.0.0.0/8 and ANY sort of range in the IPv6 address space is truly irrelevant. These are not IP addresses; they just look like IP addresses.

Correct. But having the DNSBL return addresses that may actually be in use means that you can't tell the difference between a correctly operating DNSBL and an ordinary DNS server returning real IP addresses.

E.g.: a DNSBL domain gets typo-squatted (or reclaimed), whereupon the domain owner puts in wildcarded A records pointing at their click-through advertising page. In IPv4 space, there is a not insignificant fraction of DNSBL clients that will treat this as meaning all IPs are listed. The slightly better ones know that non-127/8 returns should be ignored.

We need the same safety net in IPv6.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/asrg
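
The IPv4 safety net described in the message above, as an added example that is not part of the original post or of the draft under discussion: a client-side check that counts only 127.0.0.0/8 answers as listings and flags a zone that returns anything else. The function names, the "disable the zone" policy and the sample answers are assumptions made for illustration.

```python
import ipaddress

# DNSxL return codes live in 127.0.0.0/8; anything else is not a listing.
DNSXL_NET = ipaddress.ip_network("127.0.0.0/8")

def naive_is_listed(a_records):
    """The unsafe client behaviour: any A record at all means 'listed'."""
    return bool(a_records)

def interpret_answers(a_records):
    """Return (verdict, codes, rejected) for one DNSBL lookup.

    verdict is 'listed', 'not_listed' or 'zone_suspect'. A single answer
    outside 127/8 makes the whole response suspect (assumed policy).
    """
    codes, rejected = [], []
    for rec in a_records:
        try:
            addr = ipaddress.IPv4Address(rec)
        except ipaddress.AddressValueError:
            rejected.append(rec)          # not even an IPv4 address
            continue
        (codes if addr in DNSXL_NET else rejected).append(str(addr))
    if rejected:
        return "zone_suspect", codes, rejected
    return ("listed" if codes else "not_listed"), codes, rejected

def audit_zone(lookups):
    """lookups maps queried IP -> A records returned by one DNSBL zone."""
    listed, suspect = {}, {}
    for ip, answers in lookups.items():
        verdict, codes, rejected = interpret_answers(answers)
        if verdict == "listed":
            listed[ip] = codes
        elif verdict == "zone_suspect":
            suspect[ip] = rejected
    # Assumed policy: stop trusting a zone that ever answers outside 127/8.
    return {"listed": listed, "suspect": suspect, "disable_zone": bool(suspect)}

# Constructed sample data (documentation address ranges, not real lookups).
HEALTHY = {"192.0.2.10": ["127.0.0.2"], "198.51.100.7": []}
# A lapsed zone whose new owner wildcards every name to an ad server.
PARKED = {"192.0.2.10": ["203.0.113.80"], "198.51.100.7": ["203.0.113.80"]}

if __name__ == "__main__":
    for name, zone in (("healthy", HEALTHY), ("parked", PARKED)):
        naive = sum(naive_is_listed(a) for a in zone.values())
        print(name, "naive listings:", naive, "audited:", audit_zone(zone))
```
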
