ietf-asrg

Re: [Asrg] Another dnsbl draft, now standards flavored

2008-07-29 11:08:25
>> The choice of 127.0.0.0/8 and ANY sort of range in the IPv6 address
>> space is truly irrelevant.  These are not IP addresses; they just
>> look like IP addresses.

> Correct.  But having the DNSBL return addresses that may actually be
> in use means that you can't tell the difference between a correctly
> operating DNSBL and an ordinary DNS server returning real IP
> addresses.

"Test listings."  If looking up 2.0.0.127.$DNSL and 3.0.0.127.$DNSL (or
whatever the list's should-exist and shouldn't-exist addresses are)
returns the same thing - whether address or no-address - then the list
is not functioning correctly.  (What the should-exist and
shouldn't-exist addresses for the list are constitutes part of the
configuration for use of the list.)

Yes, a lot of lists currently aren't this well built.  I don't see the
popularity of doing it wrong as a reason to not even try to do it right.

> Eg: a DNSBL domain gets typo-squattered (or reclaimed), whereupon the
> domain owner puts in wildcarded A records pointing at their click
> thru advertising page.  In ipv4 space, there is a not insignificant
> fraction of DNSBL clients that will treat this as meaning all IPs are
> listed.

There's not much that can be done about that.  Those clients will
(mis)behave that way whether or not the DNSL always returns addresses
in 127/8.

> The slightly better ones know that non-127/8 returns should be
> ignored.

I'd say, rather, that the better ones apply some sanity checks; just
because non-127/8 is the currently-common sanity check doesn't mean
it's the only possible, or even best possible, sanity check.

> We need the same safety net in ipv6.

I'm not convinced IPv6 has anything at all to do with this.  (Well,
except that once IPv4 is dead then there will be no reason to not use
all 32 bits in A records, since A records won't be used for anything
else.  But that time is far enough off we can ignore it for now.)

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse(_at_)rodents-montreal(_dot_)org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/asrg
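
Added example (not part of the original message or of any DNSBL draft): the two client-side sanity checks discussed in the message above, the test-listing comparison and the 127/8 filter, written in Python. The zone name dnsbl.example, the function names and the canned resolvers are constructed for illustration; 127.0.0.2 and 127.0.0.3 stand in for the list's configured should-exist and shouldn't-exist addresses.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def system_resolver(name):
    """A records for name via the system resolver; [] if it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def lookup(ip, zone, resolve):
    """Query <reversed ip>.<zone> and return the raw A records."""
    return resolve(".".join(reversed(ip.split("."))) + "." + zone)

def dnsbl_answer(addrs):
    """Sanity check: keep only answers inside 127/8."""
    return [a for a in addrs if ipaddress.ip_address(a) in LOOPBACK]

def list_health(zone, resolve, should_exist="127.0.0.2", should_not_exist="127.0.0.3"):
    """Compare the two test listings; identical results mean a broken list."""
    if lookup(should_not_exist, zone, resolve):
        return "wildcard"   # a name that must not exist resolved anyway
    if not dnsbl_answer(lookup(should_exist, zone, resolve)):
        return "dead"       # the name that must exist gave no usable answer
    return "ok"

def is_listed(ip, zone, resolve):
    """True/False for a working list, None when the list fails its self-test."""
    if list_health(zone, resolve) != "ok":
        return None
    return bool(dnsbl_answer(lookup(ip, zone, resolve)))

# Constructed resolvers standing in for DNS, so the example runs offline.
def canned(table, wildcard=None):
    return lambda name: table.get(name, [wildcard] if wildcard else [])

ZONE = "dnsbl.example"  # constructed zone name
healthy = canned({"2.0.0.127." + ZONE: ["127.0.0.2"],
                  "10.113.0.203." + ZONE: ["127.0.0.4"]})
parked = canned({}, wildcard="192.0.2.80")           # wildcard to an ad page
parked_loopback = canned({}, wildcard="127.0.0.2")   # wildcard that passes the 127/8 check
dead = canned({})

if __name__ == "__main__":
    for name, r in [("healthy", healthy), ("parked", parked),
                    ("parked_loopback", parked_loopback), ("dead", dead)]:
        print(name, list_health(ZONE, r), is_listed("203.0.113.10", ZONE, r))
```

Passing system_resolver as the resolve argument runs the same checks against live DNS. The parked_loopback case is the one the 127/8 filter alone would not catch.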