Tony Finch wrote:
> On Mon, 10 Nov 2008, Keith Moore wrote:
>> I suspect it will be very difficult to make IPv6 DNSxLs work anywhere
>> nearly as well as IPv4 DNSxLs, because in IPv6 it is fairly easy to use
>> a different address for every SMTP conversation.
>
> I expect that attack will make /48 or /64 listings common. This has the
> obvious downside of an increased risk of one infected host spoiling email
> connectivity for its immediate neighbours, even more than is already the
> case for IPv4 DNSBLs. Perhaps ISPs and hosting providers can mitigate that
> by enforcing address allocation policies.

Or perhaps enterprise networks will be forced to outsource their mail
submission to third parties with supposedly "trustworthy" addresses.
Which IMHO would not be a desirable result.

> In any case, DNSBLs should scale roughly according to the size of the
> routing table, not the size of the address space.

What does it mean for a DNSBL to "scale"?

Keith
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf