Re: [dnsext] slave signing, was does making names the same NEED protocol changes at all?

John Levine <johnl@iecc.com> Sun, 27 February 2011 18:31 UTC


>> We don't have a plan for IPv6 DNSBLs and DNSWLs either, but if it
>> ends up being anything like what people do for IPv4 (an open question,
>> due to DNS cache explosion problems) rbldnsd is going to have to sign
>> on the fly, too.
>
>This is the sort of issue that I would hope that the IAB spent time
>thinking about.
>
>One answer to this question could well be that the people who use
>blacklists have to develop their own technology designed for the
>purpose.

Over in the ASRG we're working on it.  I have an alternate version of
DNSBL/WLs organized like a b-tree that seems to have pretty good cache
behavior, but it's surprisingly hard to get people to wrap their heads
around the fact that there is a problem.

R's,
John