
Re: [Asrg] Another dnsbl draft, now standards flavored

2008-07-29 10:32:49

On Jul 29, 2008, at 10:26 AM, Chris Lewis wrote:

> Tony Hansen wrote:
>> My take:
>> Think of DNSxL as an exercise in steganography: A few bits of information are encoded into something that looks an awful lot like an IP address and can be carried over a channel intended to transmit IP addresses. Otherwise it's an opaque value. The choice of 127.0.0.0/8 and ANY sort of range in the IPv6 address space is truly irrelevant. These are not IP addresses; they just look like IP addresses.
>
> Correct. But having the DNSBL return addresses that may actually be in use means that you can't tell the difference between a correctly operating DNSBL and an ordinary DNS server returning real IP addresses.
>
> E.g.: a DNSBL domain gets typo-squatted (or reclaimed), whereupon the domain owner puts in wildcarded A records pointing at their click-thru advertising page. In ipv4 space, there is a not insignificant fraction of DNSBL clients that will treat this as meaning all IPs are listed. The slightly better ones know that non-127/8 returns should be ignored.
>
> We need the same safety net in ipv6.

You'd only need the same safety net for IPv6 responses if you decided to have a DNSBL return IPv6 responses, which I don't think anyone is seriously suggesting, are they?

Otherwise, it returns an A record and, after you've gone through the step of converting the IP address you're querying to a hostname, everything behaves identically for v4 and v6 queries.

Cheers,
  Steve
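An added example (not part of this thread or of any DNSBL project) illustrating both points above: the queried IPv4 or IPv6 address is reversed into a hostname under a list zone, and the A-record answer is only treated as a listing if it falls in 127.0.0.0/8. The zone name `dnsbl.example` and the answer sets are constructed; the "naive" client stands in for the clients Chris describes that treat any answer as a listing.

```python
import ipaddress

def dnsbl_query_name(addr: str, zone: str) -> str:
    """Build the DNSxL lookup name: reversed octets (v4) or reversed nibbles (v6) under the zone."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        labels = ip.exploded.split(".")[::-1]
    else:
        # exploded -> 8 zero-padded groups; strip colons to get 32 nibbles, reverse them
        labels = list(ip.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone

def naive_is_listed(answers: list[str]) -> bool:
    """Client that treats any A record at all as 'listed' (the failure mode in the thread)."""
    return len(answers) > 0

def dnsbl_codes(answers: list[str]) -> list[str]:
    """Safety net: keep only answers inside 127.0.0.0/8; anything else is not a DNSBL code."""
    allowed = ipaddress.ip_network("127.0.0.0/8")
    codes = []
    for a in answers:
        try:
            ip = ipaddress.ip_address(a)
        except ValueError:
            continue  # garbage in the answer section is not a listing either
        if ip.version == 4 and ip in allowed:
            codes.append(str(ip))
    return codes

def careful_is_listed(answers: list[str]) -> bool:
    return bool(dnsbl_codes(answers))

if __name__ == "__main__":
    zone = "dnsbl.example"  # constructed zone name
    print(dnsbl_query_name("192.0.2.10", zone))
    print(dnsbl_query_name("2001:db8::1", zone))
    genuine = ["127.0.0.2", "127.0.0.4"]        # constructed: two list return codes
    squatted = ["198.51.100.7"]                  # constructed: wildcard A record of a parked domain
    for name, answers in (("genuine", genuine), ("squatted", squatted)):
        print(name, "naive:", naive_is_listed(answers), "careful:", careful_is_listed(answers))
```

The v6 case produces a 32-label name, but from the listing decision onward the code path is the same as for v4, which is Steve's point.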

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/asrg