On 4/21/06, Theo de Raadt <[EMAIL PROTECTED]> wrote:
> > > think about why this is undesirable and practically impossible for
> > > five minutes. (hint: you are confusing DNS names and network addresses,
> > > and making incorrect assumptions about how both DNS and pf work).
> >
> > Well what if *.site.domain meant "find all IP addresses mapped to this
> > domain and use them for the list"? I'm probably missing something, but
> > I can't think what the problem is.
>
> Right, and then something in that net changes, and you are blocking
> something else, and you then look really stupid.
>
> We won't build anything so utterly ridiculous.

You're only blocking it until the next DNS update. Anyway, I'm not trying to argue the merits of doing it, just trying to understand why you couldn't.