[rbldnsd] IPv6 implementation thoughts

Alexander Maassen outsider at scarynet.org
Sun Mar 25 23:36:25 MSK 2012


Sigh, yes, again :P

Ok, I know there is a discussion going on, but the last thing I've seen
about it was like a few ages ago. From what I remember the discussion
was more like about what minimum range to support (/128 vs /64 etc).

My opinion about this is: /128. Why? Very simple, not everyone assigns a
block to a client (yes, most tunnel providers do, some do /64,
others /56, others /48 etc etc).

However, blocking an entire /64 due to ONE faulty machine in that range
is quite confusing towards the blocked party trying to SOLVE the issue
(it's not only about blocking, but the blocked party surely needs a
simple hint where the issue originates from). If there are people
evading the rbl entry then it's up to the dnsbl system in question to
decide whether to block the entire /64 or not depending on the amount of
hits within that range. This is not something rbldnsd should decide in
my opinion.

Another issue I remember being discussed is how to support the lookups.
Simple answer in my opinion: ip6.arpa style, with ip6.arpa being
replaced by the zone provided. It's being done for IPv4 this way, so do
it for IPv6 as well, no shortcuts. I think even MTAs like exim (at
least in my case) do lookups this way. IRC services I know about (which
heavily use various dnsbls) also do it that way.

Just my 2 cents,

Alexander Maassen
DroneBL Maintainer
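
Added example, not part of the original post and not rbldnsd code: a sketch of the two points above, building the ip6.arpa-style query name with the list's zone in place of ip6.arpa, and leaving the "escalate to a /64" decision to the DNSBL operator based on hits inside the range. The zone dnsbl.example, the function names, the threshold of 3 and the sample addresses are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

def dnsbl_qname(addr: str, zone: str) -> str:
    """Return the DNSBL query name for addr under zone (hypothetical helper)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        # IPv4: reversed octets, as in in-addr.arpa
        labels = str(ip).split(".")[::-1]
    else:
        # IPv6: all 32 nibbles of the fully expanded address, reversed,
        # one label per nibble, as in ip6.arpa (a full /128 lookup)
        labels = list(ip.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone.strip(".")

def escalation_candidates(listed, threshold=3, prefixlen=64):
    """Return the /prefixlen networks holding at least `threshold` listed
    /128 entries. This is operator-side policy (assumed here), applied when
    generating zone data, not something the name server decides."""
    counts = Counter(
        ipaddress.ip_network(f"{a}/{prefixlen}", strict=False)
        for a in listed
        if ipaddress.ip_address(a).version == 6
    )
    return sorted(str(net) for net, hits in counts.items() if hits >= threshold)

# Constructed sample listings (documentation address ranges only)
LISTED = [
    "2001:db8:0:1::a",
    "2001:db8:0:1::b",
    "2001:db8:0:1:ffff::c",
    "2001:db8:0:2::1",
    "192.0.2.1",
]

if __name__ == "__main__":
    for a in ("192.0.2.1", "2001:db8::1"):
        print(a, "->", dnsbl_qname(a, "dnsbl.example"))
    print("escalate:", escalation_candidates(LISTED))
```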