> On Sun, 14 Feb 2010, Jonas Eckerman wrote: >> 1: The participation record is optional, so you only use it if you want >> "everything else" to be rejected.
On 15.02.10 09:04, Charles Gregory wrote: > This is why I would support mtamark... It permits the sysadmin to > determine the default behaviour for his IP range, rather than defining a > dangerous default in the client. > > And I quote: > This subdomain MAY be inserted at any level in the DNS tree for IPv4 > IN-ADDR.ARPA reverse zones. For IPv6, to limit the number of DNS > queries, _srv is only queried at the /128 (host), /64 (subnet) and / > 32 (site) level. That way it can either provide information for a > specific IP address or for a whole network block. More specific > information takes precedence over information found closer to the top > of the tree. > > The beauty of this mechanism is that we can 'sell' large ISP's on it by > saying "you only need to create one 'allow' entry for each legitimate MTA > and one 'deny' entry for each netblock. well, the ipv6 addresses are (were?) expected to be allocated by /48 blocks, so we could need check on this level too, imho. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Silvester Stallone: Father of the RISC concept.
