IPv6 black lists?

Mohacsi Janos mohacsi at niif.hu
Wed Mar 10 09:25:47 CET 2010




On Wed, 10 Mar 2010, Brian E Carpenter wrote:

> But is dnsbl a technique that should be encouraged for IPv6?
>
> It's already a blunt weapon for IPv4. As the virbl site notes,
> for IPv6 the only practical atom is a /64 and that is a *very*
> blunt weapon indeed. Its potential for false positives is
> extremely high.


I think dnsbl can be used for IPv6 - no difference in semantics from IPv4.
The dnsbl filtering on /64 is very dangerous for making blackholes for
legitimate SMTP servers. Consider e.g. a malware-infected desktop PC. Do you
filter e.g. a /24 for an IPv4? The same gradual approach should be taken. If more
than a predefined limit (defined clearly by the dnsbl operator) is reached, then
/128 filtering to /64 might be injected. Users of the particular dnsbl can
decide whether the defined approach is acceptable for them.....

Best Regards,
 		Janos Mohacsi

>
>    Brian
>
>
> On 2010-03-10 02:46, Emanuele Balla wrote:
>> On 3/9/10 2:41 PM, Shane Kerr wrote:
>>> Hello,
>>>
>>> Does anybody know if there are IPv6 DNSBL available?
>>>
>>> Thanks,
>>
>> http://virbl.bit.nl/index.php#ipv6
>>
>> Mainly proofs of concept, since rbldnsd does not support ipv6 datasets yet.
>>
>
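
The gradual approach from the reply above, as an added example that is not part of the original thread: each offending host is listed as a /128, and a /64 is listed only once more than an operator-defined number of distinct hosts inside it are listed. The limit of 3, the function names and the 2001:db8:: sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed policy value; the thread leaves the limit to the dnsbl operator.
ESCALATION_LIMIT = 3

# Constructed sample reports (documentation prefix 2001:db8::/32).
SAMPLE_LISTED = [
    "2001:db8:1:1::10",                    # one infected desktop in this /64
    "2001:db8:1:2::a", "2001:db8:1:2::b",  # four distinct hosts in this /64
    "2001:db8:1:2::c", "2001:db8:1:2::d",
    "2001:db8:1:2::a",                     # repeated report, counted once
]

def build_blocklist(listed_hosts, limit=ESCALATION_LIMIT):
    """Return the networks to publish: a /128 per listed host, replaced by
    the covering /64 once more than `limit` distinct hosts in it are listed."""
    by_prefix = defaultdict(set)
    for host in listed_hosts:
        addr = ipaddress.IPv6Address(host)
        # strict=False masks the host bits, giving the covering /64.
        prefix = ipaddress.IPv6Network((addr, 64), strict=False)
        by_prefix[prefix].add(addr)

    entries = []
    for prefix, hosts in by_prefix.items():
        if len(hosts) > limit:
            entries.append(prefix)  # escalate: whole /64 is listed
        else:
            entries.extend(ipaddress.IPv6Network((h, 128)) for h in hosts)
    return sorted(entries)

def is_listed(entries, client):
    """True if the connecting client falls inside any published entry."""
    addr = ipaddress.IPv6Address(client)
    return any(addr in net for net in entries)

if __name__ == "__main__":
    blocklist = build_blocklist(SAMPLE_LISTED)
    for net in blocklist:
        print(net)
    # A mail server sharing a /64 with one infected host is not affected;
    # one sharing an escalated /64 is blocked as collateral.
    for mta in ("2001:db8:1:1::25", "2001:db8:1:2::25"):
        print(mta, "listed" if is_listed(blocklist, mta) else "not listed")
```
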


