You may recall that we've been discussing ways to publish DNS authority
boundaries, like the Mozilla PSL but in the DNS itself, not a text file.
I've been claiming that with careful use of wildcards one can make the number
of lookups depend on the number of boundaries, not the number of labels
in the name being checked, so it's reliably reasonably fast.

I figured I should put my bits where my mouth is so I wrote a script to
translate the Mozilla PSL into DNS rules. It turned out to be harder than
I thought because the PSL has wildcard rules with exceptions, e.g.:

    *.ck
    !www.ck

That turned out to be straightforward to handle with a tweak to the spec I
just made in the -03 version.

The code to make the DNS records, and another script to take a domain name
and look it up in those records are here:
https://github.com/jrlevine/bound

I think the lookup code is OK but there may be some glitches in the PSL
translator for some of the more arcane combinations of wildcard and
non-wildcard boundaries. Take a look if interested.

Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
PS to Scott: I think it would be pretty easy to add a tag for PSD TLDs.
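
Added example, not part of the original message and not the code in the jrlevine/bound repository: how the PSL's own matching algorithm, as documented at publicsuffix.org, treats the `*.ck` / `!www.ck` pair quoted above. The rule list is constructed and the function names are hypothetical; the DNS record translation itself is not shown.

```python
# Constructed rule set: the two .ck rules quoted in the message plus ordinary rules.
SAMPLE_RULES = ["com", "uk", "co.uk", "*.ck", "!www.ck"]

def parse_rules(lines):
    """Split PSL lines into exact, wildcard ('*.x') and exception ('!x') sets."""
    exact, wild, exc = set(), set(), set()
    for line in lines:
        rule = line.strip().lower()
        if not rule or rule.startswith("//"):
            continue  # blank line or PSL comment
        if rule.startswith("!"):
            exc.add(rule[1:])
        elif rule.startswith("*."):
            wild.add(rule[2:])
        else:
            exact.add(rule)
    return exact, wild, exc

def public_suffix(name, rules):
    """Return the public suffix of name under the PSL matching rules."""
    exact, wild, exc = rules
    labels = name.lower().rstrip(".").split(".")
    suffixes = [".".join(labels[i:]) for i in range(len(labels))]  # longest first
    # An exception rule beats every other match; the suffix is the
    # exception rule with its leftmost label removed.
    for cand in suffixes:
        if cand in exc:
            return cand.split(".", 1)[1]
    # Otherwise the matching rule with the most labels wins.
    for cand in suffixes:
        parent = cand.partition(".")[2]
        if cand in exact or (parent and parent in wild):
            return cand
    return labels[-1]  # no rule matched: implicit "*" rule

def registrable_domain(name, rules):
    """Public suffix plus one label, or None if the name is itself a suffix."""
    name = name.lower().rstrip(".")
    suffix = public_suffix(name, rules)
    if name == suffix:
        return None
    extra = name[: -len(suffix) - 1].split(".")[-1]
    return extra + "." + suffix

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for n in ["www.ck", "mail.www.ck", "a.b.example.ck", "example.ck"]:
        print(n, "->", registrable_domain(n, rules))
```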