In message <[EMAIL PROTECTED]>, Florian Weimer writes:
> * Mark Andrews:
> 
> > In message <[EMAIL PROTECTED]>, Florian Weimer writes:
> >> * Stephane Bortzmeyer:
> >> 
> >> > Second question, the document indeed standardizes many things which
> >> > are not in common use but does not point towards a rationale, so some
> >> > choices are puzzling. Why TXT records to point to a URL and not
> >> > NAPTR? Is this because of current usage in DNSxL? If so, this should
> >> > be noted. But why IPv6 lists use an A record and not an AAAA? I am not
> >> > aware of existing IPv6 lists so this cannot be the current usage?
> >> 
> >> The lack of a macro capability also means that it's basically
> >> impossible to secure DNSBL zones with DNSSEC when they contain larger
> >> chunks of address space; see the example in section 2.1.
> >
> >     How so?
> 
> The expectation is that error messages generated from TXT records
> contain the actual IP addresses which triggered the DNSBL lookups.  As
> a result, if you list a /16 (say), you need to publish 65,536 different
> TXT records.
> 
> Currently, these records are synthesized using a macro capability in
> the DNS server.

        Which is independent of DNSSEC.  I ask again how this is a
        DNSSEC problem.

        Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [EMAIL PROTECTED]
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
