Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)

* Mark Andrews:

> In message <87skpt279z.fsf@xxxxxxxxxxxxxxxxx>, Florian Weimer writes:
>> * Stephane Bortzmeyer:
>> 
>> > Second question, the document indeed standardizes many things which
>> > are not in common use but does not point towards a rationale, so some
>> > choices are puzzling. Why TXT records to point to a URL and not
>> > NAPTR? Is this because of current usage in DNSxL? If so, this should
>> > be noted. But why do IPv6 lists use an A record and not a AAAA? I am not
>> > aware of existing IPv6 lists so this cannot be the current usage?
>> 
>> The lack of a macro capability also means that it's basically
>> impossible to secure DNSBL zones with DNSSEC when they contain larger
>> chunks of address space; see the example in section 2.1.
>
> 	How so?

The expectation is that error messages generated from TXT records
contain the actual IP addresses which triggered the DNSBL lookups.  As
a result, if you list a /16 (say), you need to publish 65,536 different
TXT records.

Currently, these records are synthesized using a macro capability in
the DNS server.
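Added illustration, not part of the thread or of the draft: a small Python sketch contrasting the two approaches Florian describes, statically expanding a listed prefix into one A+TXT pair per address (what a zone file would have to contain before DNSSEC signing) versus synthesizing the TXT answer at query time from the reversed labels. The zone name dnsbl.example, the lookup URL and the listed networks are constructed for the example.

```python
import ipaddress

ZONE = "dnsbl.example"                        # hypothetical DNSBL zone
LISTED = [ipaddress.ip_network("192.0.2.0/24"),       # constructed listings
          ipaddress.ip_network("198.51.100.0/28")]
A_RDATA = "127.0.0.2"                         # conventional "listed" answer
TXT_TEMPLATE = "Listed; see http://dnsbl.example/lookup?ip={ip}"  # hypothetical


def owner_name(ip):
    """Reverse the octets and append the zone, the usual DNSxL layout."""
    return ".".join(reversed(str(ip).split("."))) + "." + ZONE + "."


def expand_static(cidr):
    """Pre-expand a prefix into per-address A and TXT records, i.e. the
    zone content a signer would have to produce one RRSIG per RRset for."""
    records = []
    for ip in ipaddress.ip_network(cidr, strict=False):
        name = owner_name(ip)
        records.append((name, "A", A_RDATA))
        records.append((name, "TXT", '"%s"' % TXT_TEMPLATE.format(ip=ip)))
    return records


def static_txt_count(cidr):
    """Number of distinct TXT records a static listing of cidr needs."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses


def synthesize(qname):
    """Macro-style answer: rebuild the IP from the query name, check
    membership, and build the TXT on the fly (nothing to pre-sign)."""
    suffix = "." + ZONE + "."
    if not qname.endswith(suffix):
        return None
    labels = qname[:-len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        ip = ipaddress.ip_address(".".join(reversed(labels)))
    except ValueError:
        return None
    if not any(ip in net for net in LISTED):
        return None
    return {"A": A_RDATA, "TXT": TXT_TEMPLATE.format(ip=ip)}


if __name__ == "__main__":
    print(static_txt_count("10.0.0.0/16"))          # 65536 TXT records
    print(synthesize("1.2.0.192.dnsbl.example."))   # synthesized answer
```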
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf