In message <87vdunqxlo.fsf@xxxxxxxxxxxxxxxxx>, Florian Weimer writes:
> * Mark Andrews:
>
> > In message <87skpt279z.fsf@xxxxxxxxxxxxxxxxx>, Florian Weimer writes:
> >> * Stephane Bortzmeyer:
> >>
> >> > Second question, the document indeed standardizes many things which
> >> > are not in common use but does not point towards a rationale, so some
> >> > choices are puzzling. Why TXT records to point to a URL and not
> >> > NAPTR? Is this because of current usage in DNSxL? If so, this should
> >> > be noted. But why do IPv6 lists use an A record and not an AAAA? I am not
> >> > aware of existing IPv6 lists, so this cannot be the current usage?
> >>
> >> The lack of a macro capability also means that it's basically
> >> impossible to secure DNSBL zones with DNSSEC when they contain larger
> >> chunks of address space; see the example in section 2.1.
> >
> > How so?
>
> The expectation is that error messages generated from TXT records
> contain the actual IP addresses which triggered the DNSBL lookups. As
> a result, if you list a /16 (say), you need to publish 65,536 different
> TXT records.
>
> Currently, these records are synthesized using a macro capability in
> the DNS server.

Which is independent of DNSSEC. I ask again how this is a DNSSEC problem.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@xxxxxxx
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
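To make the record-count arithmetic in the quoted exchange concrete, here is an added Python example; it is not code from the thread, from ISC, or from any DNSBL operator. It builds DNSxL query names by the usual convention (reversed dotted octets for IPv4, 32 reversed nibbles for IPv6) and then spells out every A and TXT record a zone without macro synthesis would have to carry, and therefore sign, for a listed prefix, with the TXT rdata naming the specific address that triggered the lookup. The zone name `dnsbl.example`, the URL and the `127.0.0.2` answer are constructed sample values.

```python
import ipaddress
from typing import Iterator, Tuple

# Conventional "listed" answer returned by a DNSxL (sample value).
LISTED_A = "127.0.0.2"


def dnsxl_name(ip: str, zone: str) -> str:
    """Owner name a client queries for `ip` under a DNSxL `zone`.

    IPv4 addresses become reversed dotted octets; IPv6 addresses become
    their 32 hex nibbles in reverse order, one label each.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone.rstrip(".") + "."


def txt_record_count(prefix: str) -> int:
    """TXT records an explicit (macro-free) zone needs for `prefix`:
    one per address, because each TXT names the address that matched."""
    return ipaddress.ip_network(prefix, strict=False).num_addresses


def expand_prefix(prefix: str, zone: str, url: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (owner, rtype, rdata) for every address in `prefix`.

    This is what a DNS server with a macro/synthesis feature would generate
    on the fly; without it, every one of these records has to exist in the
    zone file, and each of them is something DNSSEC signing has to cover.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    for addr in net:
        owner = dnsxl_name(str(addr), zone)
        yield owner, "A", LISTED_A
        yield owner, "TXT", f'"Listed: {addr} see {url}"'


def zone_file_lines(prefix: str, zone: str, url: str, ttl: int = 3600) -> list:
    """Render the expansion as master-file lines, for inspection."""
    return [f"{owner} {ttl} IN {rtype} {rdata}"
            for owner, rtype, rdata in expand_prefix(prefix, zone, url)]


if __name__ == "__main__":
    # A small prefix prints in full; a /16 is only counted.
    for line in zone_file_lines("192.0.2.0/30", "dnsbl.example", "https://dnsbl.example/why"):
        print(line)
    print("TXT records needed for 192.0.2.0/16:", txt_record_count("192.0.2.0/16"))
    print(dnsxl_name("2001:db8::1", "dnsbl.example"))
```

Run it and the /30 prints eight records (four A, four TXT); the /16 count comes out to the 65,536 TXT records mentioned in the thread, before any RRSIG or NSEC records are added on top.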