>The expectation is that error messages generated from TXT records
>contain the actual IP addresses which triggered the DNSBL lookups.  As
>a result, if you list a /16 (say), you need publish 65,536 different
>TXT records.

Some do, some don't.  In any event I agree that DNSSEC is not ideally
suited to signing DNSBLs, but I would think that with some judicious
partitioning into subzones the problem wouldn't be intractable.

R's,
John
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Reply via email to