[rbldnsd] ipv6 support for rbldnsd
Michael Tokarev
mjt at tls.msk.ru
Mon Oct 15 08:11:42 MSK 2012
On 15.10.2012 01:31, Alexander Egorov wrote:
> Hi Michael,
>
> I am using your product for providing rbl information for MTA hosts in
> my network.
> Currently, there is a task to move toward ipv6 addressing and since
> our monitoring and abuse systems are capable of gathering IPs of badly
> behaving users and add them into local rbl list.
> I have read your post at
> http://git.corpit.ru/?p=rbldnsd.git;a=commitdiff_plain;h=ipv6 however
> I am still guessing, what means trivial set of ipv6 addresses? Is that
> singl ipv6 ip address per line? Would be very interested to know and
> appreciate your response.
The format requires /64s and whitelisted /128:
excl = *s == '!';
bits = ip6prefix(s, addr, &s);
if (bits != (excl ? 128 : 64)) {
dswarn(dsc, "invalid address for %s (should be %d bits)",
excl ? "exclusion" : "regular entry", excl ? 128 : 64);
return 1;
}
something like that.
I still don't know what's a "proper way" to list IPv6 addresses.
There are 2 strong and disagrreing opinions: one say listing of
/64 is enough, and we should not allow smaller ranges, and others
says "definitely /128". YMMV.
/mjt
More information about the rbldnsd
mailing list