On 31/05/22 7:14 am, Wietse Venema wrote:
> How urgent is this?

Not very, targeting 3.8.0 should be sufficient.

> At this time, I see only an optimization to avoid sending a query about an IPv4 client address to a DNSXL service that provides reputation only about IPv6 addresses (and vice versa). With postscreen parallel DNSXL lookups that is not a disaster.

The main issue would be that many lists allow a certain maximum number of DNS hits per day, so this would avoid wasting those hits on lookups that fall under the wrong IP class for the list.

> I am concerned about the potential explosion of complexity with: (query with A or AAAA) * (service provides reputation for IPv4 or IPv6 clients).

At the moment even IPv6-only lists that I'm aware of (namely the spameatingmonkey one) still only accept A queries, so I wouldn't worry about AAAA queries at this time, and there is a possibility that they won't be needed at all depending on which way the industry in general goes with this.

> I think that we can do better than maintaining multiple parallel lists. For example, use one list and indicate per DNSXL that they can be only used for one kind of client IP address. The default should remain both as it is now.

Can you elaborate on how that would work?

Peter
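
Added example, not part of the original message and not Postfix code or configuration syntax: one way the single-list idea in the thread could work, where each DNSXL entry carries an address-family restriction (default both) and only matching services receive an A query for the client. The service domains and the `families` tag are hypothetical; the query-name layout is the usual reversed-octet (IPv4) and reversed-nibble (IPv6) DNSxL form.

```python
import ipaddress

# Constructed sample services. The domains and the "families" tag are
# hypothetical; this is not Postfix configuration syntax.
BOTH = frozenset({4, 6})
SERVICES = [
    ("dnsxl-any.example", BOTH),               # default: both families
    ("dnsxl-v4only.example", frozenset({4})),  # reputation for IPv4 clients only
    ("dnsxl-v6only.example", frozenset({6})),  # reputation for IPv6 clients only
]


def reversed_labels(client):
    """Return (ip_version, client address in DNSXL query-label order)."""
    addr = ipaddress.ip_address(client)
    if addr.version == 4:
        # 192.0.2.10 -> 10.2.0.192
        return 4, ".".join(reversed(str(addr).split(".")))
    # IPv6: expand to 32 hex nibbles, then reverse them one label per nibble.
    nibbles = addr.exploded.replace(":", "")
    return 6, ".".join(reversed(nibbles))


def plan_queries(client, services=SERVICES):
    """Return (A-query names to send, service domains skipped for this client)."""
    version, labels = reversed_labels(client)
    send, skip = [], []
    for domain, families in services:
        if version in families:
            send.append(f"{labels}.{domain}")
        else:
            # Wrong address class for this list: no lookup, no wasted quota.
            skip.append(domain)
    return send, skip


if __name__ == "__main__":
    for client in ("192.0.2.10", "2001:db8::1"):  # documentation addresses
        send, skip = plan_queries(client)
        print(client, "-> query:", send, "skipped:", skip)
```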