On Wed, 29 Dec 2010 15:26:07 -0500, "David F. Skoll" <d...@roaringpenguin.com> wrote:
>On Wed, 29 Dec 2010 21:09:42 +0100
>Matthias Leisi <matth...@leisi.net> wrote:
>
>> I'm not sure whether that would be more appropriate for the dev list,
>> but I guess this is relevant/of interest to the SpamAssassin project,
>> and I don't know whether this has caught attention here yet.
>
>In the draft, John asserts:
>
>  "For blacklists, an obvious approach would be to limit the granularity
>  of DNSBLs, so that, say, each /64 had a separate listing, and the
>  queries only used the high 64 bits of each address. While this might
>  limit the damage from DNSBL queries, it is not helpful for DNS
>  whitelists, which by their nature list individual IP addresses"
>
>I'm not sure I agree with that. The smallest unit of IPv6 address
>space allocated by a provider (even to an end-user) is likely to be a
>/64, so I don't see why whitelists can't list /64's too. Essentially,
>I disagree with the phrase "which by their nature list individual IP
>addresses".
>
>Regards,
>
>David.

I'd wonder at the DNS traffic. I may be wrong, but this looks like between 4 and 24 look-ups per check. DoS?

Nigel
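The /64 granularity discussed in this thread, as an added example that is not part of any message above: it builds the DNS name a mail filter would query for an IPv6 sender and counts how many distinct names (and so resolver cache entries) a set of senders produces at full-address and at /64 granularity. The zone `dnsbl.example`, the function names and the sample addresses are assumptions; the nibble-reversed layout is the usual IPv6 DNSBL convention, and truncating it to 16 nibbles is one possible reading of "only used the high 64 bits".

```python
import ipaddress

ZONE = "dnsbl.example"  # hypothetical list zone, not named in the thread
LOW64_MASK = 2**64 - 1


def query_name(addr, prefix_bits=128, zone=ZONE):
    """Nibble-reversed query name built from the top prefix_bits of addr."""
    if prefix_bits % 4 or not 0 < prefix_bits <= 128:
        raise ValueError("prefix_bits must be a multiple of 4 between 4 and 128")
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    kept = nibbles[: prefix_bits // 4]  # high-order nibbles only
    return ".".join(reversed(kept)) + "." + zone


def distinct_queries(addrs, prefix_bits):
    """Set of distinct names queried for addrs at the given granularity."""
    return {query_name(a, prefix_bits) for a in addrs}


def sample_senders(count=1000, prefix="2001:db8:1:2::"):
    """Constructed sample: count senders that all sit inside one /64."""
    base = int(ipaddress.IPv6Address(prefix))
    # Multiplying by an odd constant modulo 2**64 gives distinct interface IDs.
    return [
        str(ipaddress.IPv6Address(base | ((i * 0x9E3779B97F4A7C15) & LOW64_MASK)))
        for i in range(1, count + 1)
    ]


if __name__ == "__main__":
    senders = sample_senders() + ["2001:db8:1:3::1"]  # one sender in a second /64
    print(query_name("2001:db8:1:2::1", 128))
    print(query_name("2001:db8:1:2::1", 64))
    for bits in (128, 64):
        print(f"/{bits}: {len(distinct_queries(senders, bits))} distinct query names")
```

With per-address queries every new interface ID in the same /64 is a cache miss, while at /64 granularity the thousand sample senders collapse to a single name.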