[rbldnsd] Feature request: DNSSEC
Victor Duchovni
Victor.Duchovni at morganstanley.com
Fri Jul 11 16:58:37 MSD 2008
On Fri, Jul 11, 2008 at 09:19:08AM +0200, Florian Weimer wrote:
> * Victor Duchovni:
>
> > This number works out to ~2.4 million records. Does signing wildcards
> > break punching "holes" for exceptions.
>
> This is more realistic.
It is not, because while the A record is independent of the CIDR block
member address, the TXT record is not. So the TXT records need individual
signatures.
> > You can build a zone file with 420 million listed IPs for each of which
> > you need
>
> I'd like to use the realistic zone file, not the artificially enlarged
> one.
I am not convinced it is artificially enlarged.
--
/"\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL Morgan Stanley confidentiality or privilege,
and use is prohibited.
More information about the rbldnsd
mailing list