[rbldnsd] Warning: possible danger of using rbldnsd, and upcoming data format change
Jon Lewis
jlewis at lewis.org
Tue Jun 8 06:21:19 MSD 2004
On Tue, 8 Jun 2004, Michael Tokarev wrote:
> In order to reduce a risk to list larger netranges due to corrupted
> input, I plan to modify rbldnsd in such a way so it will reject
> incomplete IPv4 addresses, disallowing prefixes. In order to specify the
> /8 listing for example, one will have to type 3 zero octets, like
> 127.0.0.0/8, not like 127 or 127/8. Well... maybe the 127/8 form still
> will be accepted.
What about things like:
4.192-218
In order to save on bytes but also make it clear an IP range/entry is
complete, how about requiring that it be a full 4-bytes dotted quad or be
: terminated? Thus the above could be entered as:
4.192-218:
Would that work?
> Another change I'm planning is to constrain the
> minimum prefix length (per dataset), and to reject
> the whole dataset in case of too many parsing
> errors. But I have to think about the features
> first... ;)
You just keep making the 0/0 list harder to do :)
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
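
Added example (not part of the original message, and not rbldnsd's own parser): a simplified Python model of the two behaviours discussed in this thread, showing how an entry cut short from 127.0.0.2 to 127 silently becomes a /8 listing under prefix-tolerant parsing and is rejected once four octets or the proposed ':' terminator are required. The names parse_entry and listed_count, the strict flag, and the range handling (a.b-c spans the last written octet, padded with 0 and 255) are assumptions made for illustration.

```python
def parse_entry(entry, strict=False):
    """Return (first, last) IPv4 addresses as ints for one data-file entry.

    strict=False: short prefixes such as "127" are padded out (simplified model).
    strict=True:  an entry needs four octets or a trailing ':' terminator.
    """
    text = entry.strip()
    terminated = text.endswith(":")
    if terminated:
        text = text[:-1]
    text, _, bits = text.partition("/")
    text, _, last = text.partition("-")
    octets = [int(o) for o in text.split(".")]      # ValueError on junk or ""
    if len(octets) > 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad address: {entry!r}")
    if strict and len(octets) < 4 and not terminated:
        raise ValueError(f"incomplete address: {entry!r}")
    pad = 4 - len(octets)
    lo = int.from_bytes(bytes(octets + [0] * pad), "big")
    if bits:
        if last or not 1 <= int(bits) <= 32:
            raise ValueError(f"bad prefix length: {entry!r}")
        mask = (0xFFFFFFFF << (32 - int(bits))) & 0xFFFFFFFF
        return lo & mask, (lo & mask) | (mask ^ 0xFFFFFFFF)
    top = octets[:-1] + [int(last) if last else octets[-1]]
    hi = int.from_bytes(bytes(top + [255] * pad), "big")   # ValueError if > 255
    if hi < lo:
        raise ValueError(f"reversed range: {entry!r}")
    return lo, hi


def listed_count(entry, strict=False):
    """Number of addresses an entry would list."""
    lo, hi = parse_entry(entry, strict)
    return hi - lo + 1


if __name__ == "__main__":
    # Constructed entries: the second is the first cut short by corrupted input.
    for entry in ["127.0.0.2", "127", "127.0.0.0/8", "4.192-218", "4.192-218:"]:
        for strict in (False, True):
            try:
                result = listed_count(entry, strict)
            except ValueError as exc:
                result = f"rejected ({exc})"
            print(f"{entry!r:15} strict={strict!s:5} -> {result}")
```

In this model the strict mode also rejects 127/8 unless it is written 127/8: or 127.0.0.0/8; whether that short form stays accepted is left open in the quoted message.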