>The expectation is that error messages generated from TXT records >contain the actual IP addresses which triggered the DNSBL lookups. As >a result, if you list a /16 (say), you need publish 65,536 different >TXT records.
Some do, some don't. In any event I agree that DNSSEC is not ideally suited to signing DNSBLs, but I would think that with some judicious partitioning into subzones the problem wouldn't be intractable. R's, John _______________________________________________ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
