IPv6 black lists?
mohacsi at niif.hu
Wed Mar 10 09:25:47 CET 2010
On Wed, 10 Mar 2010, Brian E Carpenter wrote:
> But is dnsbl a technique that should be encouraged for IPv6?
> It's already a blunt weapon for IPv4. As the virbl site notes,
> for IPv6 the only practical atom is a /64 and that is a *very*
> blunt weapon indeed. Its potential for false positives is
> extremely high.
I think dnsbl can be used for IPv6 - no difference in semantics from IPv4.
The dnsbl filtering on /64 is very dangerous for making blackholes for
legitimate SMTP servers. Consider e.g. a malware-infected desktop PC. Do you
filter e.g. a /24 for IPv4? The same gradual approach should be taken. If more
than a predefined limit (defined clearly by the dnsbl operator) is reached then
/128 filtering to /64 might be injected. Users of the particular dnsbl can
decide whether the defined approach is acceptable for them.
> On 2010-03-10 02:46, Emanuele Balla wrote:
>> On 3/9/10 2:41 PM, Shane Kerr wrote:
>>> Does anybody know if there are IPv6 DNSBL available?
>> Mainly proofs of concept, since rbldnsd does not support ipv6 datasets yet.
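
The gradual approach discussed in this message, sketched as an added example that is not part of the original post or of any DNSBL software: single /128 entries are published until more than an operator-defined limit of distinct addresses in one /64 is reported, at which point the whole /64 is listed. The class name, the limit value, the zone `dnsbl.example` and the sample addresses (from the 2001:db8::/32 documentation prefix) are assumptions; the query name uses the nibble-reversed form familiar from ip6.arpa.

```python
import ipaddress
from collections import defaultdict


class GradualBlocklist:
    """Hypothetical operator policy: list /128s, escalate to the covering
    /64 only when more than `limit` distinct addresses in it are reported."""

    def __init__(self, limit):
        self.limit = limit
        self.hosts = defaultdict(set)  # /64 network -> reported addresses

    def report(self, addr):
        ip = ipaddress.IPv6Address(addr)
        # Mask off the low 64 bits to find the covering /64.
        net = ipaddress.IPv6Network(((int(ip) >> 64) << 64, 64))
        self.hosts[net].add(ip)
        return net

    def entries(self):
        """Networks the operator would publish under the current policy."""
        out = []
        for net, ips in self.hosts.items():
            if len(ips) > self.limit:
                out.append(net)  # limit exceeded: one /64 entry
            else:
                out.extend(ipaddress.IPv6Network((int(ip), 128)) for ip in ips)
        return sorted(out)

    def is_listed(self, addr):
        ip = ipaddress.IPv6Address(addr)
        return any(ip in net for net in self.entries())


def query_name(addr, zone="dnsbl.example"):
    """Nibble-reversed lookup name for addr under a (hypothetical) zone."""
    rev = ipaddress.IPv6Address(addr).reverse_pointer  # ends in "ip6.arpa"
    return rev[: -len("ip6.arpa")] + zone


if __name__ == "__main__":
    bl = GradualBlocklist(limit=2)          # constructed sample data below
    mail_server = "2001:db8:0:1::25"        # legitimate host, never reported
    for bad in ("2001:db8:0:1::10", "2001:db8:0:1::11", "2001:db8:0:1::12"):
        bl.report(bad)
        print(bad, "->", [str(n) for n in bl.entries()],
              "| mail server listed:", bl.is_listed(mail_server))
    print(query_name(mail_server))
```

After the third report the /64 replaces the individual entries and the unreported mail server in the same /64 becomes listed, which is the false-positive cost raised in the quoted text.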