Re: DNSWL will be disabled by default as of tomorrow

[Daniel McDonald]

On 12/13/11 8:09 AM, "Martin Gregorie" <mar...@gregorie.org> wrote:

> On Tue, 2011-12-13 at 13:52 +0100, Axb wrote:
>> On 2011-12-13 13:44, Kevin A. McGrail wrote:
>>>> If a list is down or unresponsive for any reason, discards requests or
>>>> blanks their zone file, the test entry would fail and SA would know to
>>>> not use the list. Similarly, 127.0.0.1 should never be listed for any
>>>> DNSBL that I'm aware of, and so when a list moves to a list-the-world
>>>> configuration, this entry would spot it.
>>>> 
>>> Unfortunately, 1 is a bitwise answer I've seen it used. In fact, just
>>> checking real quick, I've got an RBL that uses 1 on a live server now.
>> 
> At the risk of exposing my ignorance, I had a thought.
> 
> Since the entire 127/8 is reserved for loopback, nothing in the
> 127.0.0/24 block should be used as addresses. So, what is preventing
> RBLs and RWLs from using the third octet as a status indicator? It seems
> to me that the 4th octet can be used as at present as a query response
> which would by convention be a valid response if the 3rd octet is zero.

I have in the past seen at least one DNSBL that used the 3rd octet, as they
had more than 8 lists in a multi-configuration.  I don't recall which one it
was...


-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281