On Mar 8, 2012, at 12:59 PM, Dick Visser wrote:

>> While I understand the argument that an IPv4-reverse zone is trivially
>> enumerated, that will change when IPv6 becomes more common. Naively
>> trying every IP is just not feasible anymore. In that case NSEC will
>> actually be helpful in finding addresses that are assigned.

Try

    dig @open.nlnetlabs.nl 0.6.0.2.0.8.b.7.0.1.0.0.2.ip6.arpa.

and

    dig @open.nlnetlabs.nl 2.6.0.2.0.8.b.7.0.1.0.0.2.ip6.arpa.

The first query gives you NOERROR (and an empty answer section). This means that for 0.6.0.2.0.8.b.7.0.1.0.0.2.ip6.arpa. the queried type (A) does not exist at this node, but the node itself does. The tree may have more depth.

The second query gives you NXDOMAIN, which means it does not exist and that there are also no subdomains. The domain tree stops here.

Although these answers might be a bit implementation dependent, it is trivial to enumerate an IPv6 address tree.

-Olaf

________________________________________________________
Olaf M. Kolkman
NLnet Labs
http://www.nlnetlabs.nl/

_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
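
The NOERROR/NXDOMAIN distinction described in the message above, as an added example that is not part of the original post: an offline model of a reverse zone that counts how many queries the pruning needs, so an operator can gauge how little the size of the IPv6 address space hides. The zone contents, the 2001:db8::/32 apex and all names in the code are constructed; the model assumes a server that answers NOERROR for empty non-terminals and NXDOMAIN only when nothing exists below a name (the RFC 8020 behaviour).

```python
import ipaddress

NOERROR, NXDOMAIN = "NOERROR", "NXDOMAIN"
HEX = "0123456789abcdef"

# Constructed sample data: addresses with PTR records in a made-up reverse zone.
SAMPLE_ADDRS = ["2001:db8::1", "2001:db8::53", "2001:db8:0:1::25"]
APEX = "8.b.d.0.1.0.0.2.ip6.arpa"  # reverse zone for 2001:db8::/32


def reverse_name(addr):
    """ip6.arpa owner name (without trailing dot) for an IPv6 address."""
    return ipaddress.ip_address(addr).reverse_pointer


class ModelZone:
    """In-memory stand-in for an authoritative server; no network traffic."""

    def __init__(self, addrs):
        self.nodes = set()
        self.queries = 0
        for addr in addrs:
            labels = reverse_name(addr).split(".")
            # Every suffix of an owner name is a node in the tree, even when
            # it holds no records itself (an empty non-terminal).
            for i in range(len(labels)):
                self.nodes.add(".".join(labels[i:]))

    def rcode(self, name):
        self.queries += 1
        return NOERROR if name in self.nodes else NXDOMAIN


def walk(zone, apex):
    """Return all full-length names below apex, descending only on NOERROR."""
    found, stack = [], [apex]
    while stack:
        name = stack.pop()
        if name.count(".") == 33:  # 32 nibble labels + "ip6" + "arpa"
            found.append(name)
            continue
        for nibble in HEX:
            child = nibble + "." + name
            if zone.rcode(child) == NOERROR:  # NXDOMAIN prunes the subtree
                stack.append(child)
    return sorted(found)


if __name__ == "__main__":
    zone = ModelZone(SAMPLE_ADDRS)
    print(len(walk(zone, APEX)), "names found in", zone.queries, "queries")
```

The query count grows with the number of distinct nibble prefixes in use (16 queries per existing non-leaf node), not with the 16^24 possible addresses in the /32.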
