IPv6 black lists?

Mohacsi Janos mohacsi at niif.hu
Wed Mar 10 09:25:47 CET 2010

On Wed, 10 Mar 2010, Brian E Carpenter wrote:

> But is dnsbl a technique that should be encouraged for IPv6?
> It's already a blunt weapon for IPv4. As the virbl site notes,
> for IPv6 the only practical atom is a /64 and that is a *very*
> blunt weapon indeed. Its potential for false positives is
> extremely high.

I think dnsbl can be used for IPv6 - no difference in semantics from IPv4. 
The dnsbl filtering on /64 is very dangerous for making blackholes for 
ligitimate SMTP server. Consider e.g. malware infected desktop PC. Do you 
filter e.g. /24 for a IPv4? Same gradual approach should be taken. If more 
than predefined limit (defined clearly by dnsbl operator) reached then 
/128 filtering to /64 might be injected. Users of the particular dnsbl can 
decide whether the defined approach is acceptable for them.....

Best Regards,
 		Janos Mohacsi

>    Brian
> On 2010-03-10 02:46, Emanuele Balla wrote:
>> On 3/9/10 2:41 PM, Shane Kerr wrote:
>>> Hello,
>>> Does anybody know if there are IPv6 DNSBL available?
>>> Thanks,
>> http://virbl.bit.nl/index.php#ipv6
>> Mainly proofs of concept, since rbldnsd does not support ipv6 datasets yet.

More information about the ipv6-ops mailing list