It seems an excellent idea. The DNS will be used only as a store and
the (relatively) complicated logic will be in the client.

Thanks.

1) the attack you describe (a bad guy using all the addresses in its
/64 to send spam) may have limits, for instance in the ND cache of its
router, which may become full soon. It is possible that the bad guy
will have to rate-limit its churn. AFAIK, there has not been a
serious experimental test of this attack, only guesses that it may be
possible.

Given the size of zombie pools, the rate from each one doesn't have to be very fast. If you have 100,000 hosts, and each one sends one message a minute, you can still send 3 million messages/hour.

2) I suggest completely dropping the acronym CIDR, which is not
necessary in IPv6, which was always classless.

Is there a standard term for a range of addresses with the same prefix other than "a range of addresses with the same prefix"?

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
"I dropped the toothpaste", said Tom, crestfallenly.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop