On Wed, Dec 22, 2010 at 04:49:24AM -0000, John Levine <[email protected]> wrote a message of 23 lines which said:
> So I came up with an entirely different way to store and query the
> data in the DNS, which as far as I can tell will have excellent
> performance and cache behavior, even if bad guys are hopping all over
> the IP address space. Take a look, tell me if I'm nuts:
>
> http://www.ietf.org/id/draft-levine-iprangepub-00.txt

It seems an excellent idea. The DNS will be used only as a store and the (relatively) complicated logic will be in the client.

Two small nits:

1) the attack you describe (a bad guy using all the addresses in its /64 to send spam) may have limits, for instance in the ND cache of its router which may become full soon. It is possible that the bad guy will have to rate-limit its churn. AFAIK, there has not been a serious experimental test of this attack, only guesses that it may be possible.

2) I suggest completely dropping the acronym CIDR, which is not necessary in IPv6, which was always classless.

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
