I made some twiddles to my dbound-in-dns library and updated the I-D to
match.
Code: https://github.com/jrlevine/bound
I-D: https://datatracker.ietf.org/doc/draft-levine-dbound-dns/
I added some more records to the DNS zone so now I believe that by careful
abuse of DNS wildcards, in most cases it will find the closest boundary
(aka public suffix) and DMARC organizational domain for a domain with one
or two DNS queries no matter how far down the tree the name is and how
many intermediate boundaries may exist. A zone that describes all the
boundaries in the Mozilla PSL uses 16,000 DNS records which doesn't seem
excessive.
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly