Re: [Asrg] DNSxL notation for IPv6?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Steve Atkins schrieb:

>> Besides the bandwidth argument (is this a valid argument?)

Based on this argument (including the on-the-wire format) and considering John L.'s DNSxL BCP, it seems reasonable to keep PTR-style lookups.

> Another interesting question would be "Would you ever check
> for anything smaller than a /64?".

Rarely, I guess, but that's rather a policy decision and should not have an influence on the protocol.

> And, should there be an "I'm not dead" entry (127.0.0.2), and
> perhaps an "I am dead" entry or response?
>
> And, should the response not just say "This /128 is listed", but
> rather "This /128 is listed as part of this larger /52" ?

And one may want to query someting like "Which [how many, ...] addresses in this /52 are listed?". But this is not IPv6 specific - it's something I'd like to see for IPv6 DNSxLs as well.

I'm aware of lists that will return a 127/8 response if some threshold of a range is listed, but a more powerful query/response mechanism would help eg to aggregate reputation scores from multiple sources.

Do you need help?
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related ietf.org Links asrg imrg Request more information about Pantek

> I suspect these questions, and many more like them, are already
> being touched on as part of the DNSBL BCP stuff people are
> looking at, but I've not looked at recent drafts so I'm not sure.

Partially - it is (rightly so) mostly a codification of what is currently out there.

• -- Matthias

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFG8BPCxbHw2nyi/okRAvhiAJ9qcpaPElTVgzoLpsJGDbDo/wHCVQCg2BjI FP6XzjIxw/G7QNEZTPxqkSo=
=CpzW
-----END PGP SIGNATURE-----