On Tue 21 Mar 2023 at 18:27:42 (-0400), Stefan Monnier wrote:
> > me second. 192.168.1.1/24 just makes me confused with 192.168.1.1/32
> > which is a real host address.
>
> Interesting.
> I can't remember ever seeing 192.168.1.1/32 used. In my part of the
> world, it's only meaningful as a degenerate form: all the syntaxes I've
> seen which accept the IP/NN notation also accept just IP to mean IP/32,
> so writing IP/32 is just more verbose and half-confusing (makes you
> wonder why the guy bothered to add /32).

On Tue 21 Mar 2023 at 18:40:00 (-0500), David Wright wrote:
>
> I assume the reason that host-ip-address/cidr-length is a permitted
> domain-spec for ipv4: is by analogy with host-domain/cidr-length for
> a:. So a:colo.example.com/28 could, if colo.example.com had an A
> record with 93.184.216.34, be written 93.184.216.34/28. If you had
> to write a strict network address, you'd have to figure out that it's
> 93.184.216.32/28. Easy in this case, but error-prone when you're
> obliged to convert, say, a looked-up x.y.z.185/28 to its network
> address of x.y.z.176/28.

Looking back at the OP's context, I think we're making a false
assumption that the /<cidr-length> notation is specifying a network
address. I don't think it is.

If we take the example of a typical /24 network, 192.168.1.0, the fact
that we set an ipv4: mechanism of, say, 192.168.1.176/28 doesn't mean
that there's a network or a subnet with that address/netmask. Such a
network will still have an address of 192.168.1.0, and broadcast on
192.168.1.255, but the SPF notation indicates that hosts 192.168.1.176
through 192.168.1.191 are awarded a pass, because only those addresses
match in the first 28 bits. The host 192.168.1.192, on the same network,
with the same network address, will fail that particular test.

As you can see from my quote above, the eye is less deceived by the
notation a:colo.example.com/28 than it is by ipv4:93.184.216.34/28
into thinking that the latter is a network address.

Cheers,
David.
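
Added example, not part of the message above or of any SPF library: a small Python sketch of the "first N bits" comparison the message describes, applied to the address/cidr-length part of a mechanism. The function names are hypothetical, a bare address is treated as /32 as noted in the quoted reply, and 10.0.0.185 is a constructed stand-in for the x.y.z.185 case.

```python
import ipaddress

def parse_spec(spec):
    """Split 'a.b.c.d[/len]' into (32-bit int, prefix length); a bare IP means /32."""
    addr, _, length = spec.partition("/")
    prefix = int(length) if length else 32
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad cidr-length in {spec!r}")
    return int(ipaddress.IPv4Address(addr)), prefix

def spf_ip4_match(spec, client_ip):
    """True when client_ip agrees with the spec's address in the first `prefix` bits.

    Host bits set in the spec are simply ignored, so the spec does not have
    to be a network address.
    """
    base, prefix = parse_spec(spec)
    client = int(ipaddress.IPv4Address(client_ip))
    shift = 32 - prefix
    return (base >> shift) == (client >> shift)

def covered_range(spec):
    """Return (first passing address, last passing address, spec with host bits cleared)."""
    base, prefix = parse_spec(spec)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    first = base & mask
    last = first | (~mask & 0xFFFFFFFF)
    first_s = str(ipaddress.IPv4Address(first))
    return first_s, str(ipaddress.IPv4Address(last)), f"{first_s}/{prefix}"

if __name__ == "__main__":
    # Constructed checks taken from the addresses discussed in the thread.
    for spec, client in [
        ("192.168.1.176/28", "192.168.1.191"),  # inside the 16-address block
        ("192.168.1.176/28", "192.168.1.192"),  # same /24 LAN, outside the block
        ("192.168.1.185/28", "192.168.1.176"),  # host bits in the spec are ignored
        ("192.168.1.1", "192.168.1.2"),         # bare IP behaves as /32
    ]:
        print(f"{spec:<20} {client:<15} match={spf_ip4_match(spec, client)}")
    for spec in ("93.184.216.34/28", "10.0.0.185/28"):
        print(spec, "->", covered_range(spec))
```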