Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)
"Chris Lewis" <clewis@nortel.com> Sun, 16 November 2008 21:34 UTC
Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietf-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 60C573A694F; Sun, 16 Nov 2008 13:34:12 -0800 (PST)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 46BEB3A694F for <ietf@core3.amsl.com>; Sun, 16 Nov 2008 13:34:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.007
X-Spam-Level:
X-Spam-Status: No, score=-5.007 tagged_above=-999 required=5 tests=[AWL=-0.499, BAYES_00=-2.599, MISSING_HEADERS=1.292, RCVD_IN_DNSWL_MED=-4, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WvSBF292CoCn for <ietf@core3.amsl.com>; Sun, 16 Nov 2008 13:34:10 -0800 (PST)
Received: from zrtps0kn.nortel.com (zrtps0kn.nortel.com [47.140.192.55]) by core3.amsl.com (Postfix) with ESMTP id 518DA3A68BA for <ietf@ietf.org>; Sun, 16 Nov 2008 13:34:10 -0800 (PST)
Received: from zrtphxs1.corp.nortel.com (zrtphxs1.corp.nortel.com [47.140.202.46]) by zrtps0kn.nortel.com (Switch-2.2.6/Switch-2.2.0) with ESMTP id mAGLY6W05616 for <ietf@ietf.org>; Sun, 16 Nov 2008 21:34:07 GMT
Received: from zrtphx5h0.corp.nortel.com ([47.140.202.65]) by zrtphxs1.corp.nortel.com with Microsoft SMTPSVC(6.0.3790.3959); Sun, 16 Nov 2008 16:34:06 -0500
Received: from [47.130.64.34] (47.130.64.34) by zrtphx5h0.corp.nortel.com (47.140.202.65) with Microsoft SMTP Server (TLS) id 8.1.311.2; Sun, 16 Nov 2008 16:34:06 -0500
Message-ID: <492091CC.6080603@nortel.com>
Date: Sun, 16 Nov 2008 16:34:04 -0500
From: Chris Lewis <clewis@nortel.com>
Organization: Nortel
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
CC: "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)
References: <200811161745.mAGHjEpQ016510@drugs.dv.isc.org> <87vdunqxlo.fsf@mid.deneb.enyo.de>
In-Reply-To: <87vdunqxlo.fsf@mid.deneb.enyo.de>
X-OriginalArrivalTime: 16 Nov 2008 21:34:06.0945 (UTC) FILETIME=[0DD64D10:01C94833]
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
Florian Weimer wrote: > The expectation is that error messages generated from TXT records > contain the actual IP addresses which triggered the DNSBL lookups. As > a result, if you list a /16 (say), you need publish 65,536 different > TXT records. > > Currently, these records are synthesized using a macro capability in > the DNS server. How does that break DNSSEC? A number of DNSBLs merely suggest an error message in their usage instructions, and leave it up to the client to synthesize a combination of the suggested error message and the IP address. Macro expansion in the client (either of supplied TXT or client-configured string) seems common. Of course, they're still only suggestions, and some DNSBL users will generate their own. The worst of all is the clients that don't tell you what the IP was and no other way to remediate issues. There are situations like this which even leave admins scratching their heads. [While the BCP isn't yet on the table w.r.t. the spec (it may be), this issue is covered in the BCP.] _______________________________________________ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Stephane Bortzmeyer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Stephane Bortzmeyer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John L
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Dave CROCKER
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Sam Hartman
- The purpose of a Last Call Dave CROCKER
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Livingood, Jason
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Doug Otis
- Re: The purpose of a Last Call Pete Resnick
- Re: The purpose of a Last Call Sam Hartman
- Re: The purpose of a Last Call Leslie Daigle
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John C Klensin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… ned+ietf
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Dave CROCKER
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Eric Rescorla
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Dave CROCKER
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Steven M. Bellovin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Eric Rescorla
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John C Klensin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John C Klensin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Paul Hoffman
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Doug Ewell
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- draft-irtf-asrg-bcp-blacklists John Leslie
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Theodore Tso
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: draft-irtf-asrg-bcp-blacklists SM
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Theodore Tso
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- Re: draft-irtf-asrg-bcp-blacklists John Levine
- Re: draft-irtf-asrg-bcp-blacklists Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… David Conrad
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John C Klensin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John C Klensin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John C Klensin
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Livingood, Jason
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Livingood, Jason
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Matthias Leisi
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… michael.dillon
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Hansen
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Steven M. Bellovin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Matthias Leisi
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Livingood, Jason
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Dave CROCKER
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Steve Linford
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… der Mouse
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tim Chown
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Theodore Tso
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… michael.dillon
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Steve Linford
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Lisa Dusseault
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Joe St Sauver
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Jamie Tomasello
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… der Mouse
- Re: draft-irtf-asrg-bcp-blacklists Rich Kulawiec
- IPv6 traffic stats (was: Re: Last Call: draft-irt… David Kessens
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: IPv6 traffic stats Harald Alvestrand
- Re: IPv6 traffic stats Turchanyi Geza
- Re: IPv6 traffic stats Harald Alvestrand
- Re: IPv6 traffic stats Marc Manthey
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… SM
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Andrew Sullivan
- Re: IPv6 traffic stats Pekka Savola
- Re: IPv6 traffic stats Harald Alvestrand
- RE: IPv6 traffic stats Hallam-Baker, Phillip
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Andrew Sullivan
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: IPv6 traffic stats Geoff Huston
- Re: IPv6 traffic stats Peter Sherbin
- Re: IPv6 traffic stats Pekka Savola
- Re: IPv6 traffic stats (was: Re: Last Call: draft… Danny McPherson
- Re: IPv6 traffic stats Danny McPherson
- Re: IPv6 traffic stats Iljitsch van Beijnum
- Re: IPv6 traffic stats Iljitsch van Beijnum
- Re: IPv6 traffic stats (was: Re: Last Call: draft… David Kessens
- RE: IPv6 traffic stats TJ
- Re: IPv6 traffic stats (was: Re: Last Call: draft… Danny McPherson
- Re: IPv6 traffic stats (was: Re: Last Call: draft… David Kessens
- Re: IPv6 traffic stats (was: Re: Last Call: draft… Olivier MJ Crepin-Leblond
- Re: IPv6 traffic stats - limitations of 6to4 Pekka Savola
- Re: IPv6 traffic stats Pekka Savola
- Re: IPv6 traffic stats - limitations of 6to4 Rémi Després
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Doug Otis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Florian Weimer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Florian Weimer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Mark Andrews
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Florian Weimer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Florian Weimer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Florian Weimer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Mark Andrews
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Mark Andrews
- Re: Last Call: draft-irtf-asrg-blinds (DNS Blackl… Chris Lewis