Re: DNSBL BCP v.2.0

by Bill Cole-2

At 1:22 PM -0800 2/8/07, Nick Nicholas wrote:

>Greetings:
>
>With much help from the authors as well as the ASRG chair and Dave
>Crocker, I have finally completed the revisions to the DNSBL BCP.  A
>copy is beneath my .sig so that you may make your comments inline if
>desired.  I tried to include as many comments as possible from the
>discussion of the previous draft, but the authors and the editor deemed
>it was necessary to decline to use some of the suggestions.
>
>Flame away!  I'm wearing my Nomex suit.  :-)

Just a couple of minor quibbles:



>3.2. Cessation of List Operations MUST Be Done in a Graceful Fashion.
>
>    When a DNSBL ceases operations and is taken out of circulation,
>    it MUST do so in a graceful manner so that it does not create
>    excessive DNS queries or list the entire Internet.
>
>    The recommended approach is to put the DNSBL in its own second
>    level domain, and then point the DNS NS records for that second
>    level domain to 127.255.255.255.

s/to/to a hostname that resolves to/

It's amazing how many people think that it's OK to point an NS
record at an IP address...


>   The TTL for that record should be
>    set at the maximum allowed period of one week.


One week is NOT the maximum value for a TTL. One week is the top
value that BIND will honor. TTLs can in theory be about 68 years
(2147483647.)  Alternate wording:

    The TTL field for the NS record and the A record it points to should
    be set to 604800 (one week) because larger values are not universally
    honored.




--
Bill Cole
bill@...


_______________________________________________
Asrg mailing list
Asrg@...
https://www1.ietf.org/mailman/listinfo/asrg
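
An added example, not part of the original message or the draft: a small Python check of a retired DNSBL zone's delegation records against the points raised above (NS target is a hostname, that hostname resolves to 127.255.255.255, both TTLs are 604800). The names dnsbl.example and sink.dnsbl.example and the one-record-per-line input format are assumptions.

```python
import ipaddress

SINK_ADDR = "127.255.255.255"  # address named in the quoted draft text
ONE_WEEK = 604800              # TTL value proposed in the reply
# Constructed sample records; dnsbl.example and sink.dnsbl.example are assumed names.
GOOD = """
dnsbl.example.       604800 IN NS sink.dnsbl.example.
sink.dnsbl.example.  604800 IN A  127.255.255.255
"""
BAD = """
dnsbl.example.       2147483647 IN NS 127.255.255.255
"""

def parse_records(text):
    """Parse 'name ttl IN type rdata' lines (no $TTL, no multi-line records)."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if line:
            name, ttl, _cls, rtype, rdata = line.split(None, 4)
            records.append((name.lower(), int(ttl), rtype.upper(), rdata.lower()))
    return records

def is_ip_literal(value):
    try:
        ipaddress.ip_address(value.rstrip("."))
        return True
    except ValueError:
        return False

def lint_shutdown(text, zone):
    records = parse_records(text)
    a_records = {n: (ttl, rd) for n, ttl, t, rd in records if t == "A"}
    ns = [(ttl, rd) for n, ttl, t, rd in records if t == "NS" and n == zone.lower()]
    problems = [] if ns else [f"no NS record for {zone}"]
    for ttl, target in ns:
        if ttl != ONE_WEEK:
            problems.append(f"NS TTL is {ttl}, expected {ONE_WEEK}")
        if is_ip_literal(target):
            problems.append(f"NS target {target} is an IP address, not a hostname")
        elif target not in a_records:
            problems.append(f"no A record for NS target {target}")
        else:
            a_ttl, addr = a_records[target]
            if addr != SINK_ADDR:
                problems.append(f"{target} resolves to {addr}, expected {SINK_ADDR}")
            if a_ttl != ONE_WEEK:
                problems.append(f"A TTL is {a_ttl}, expected {ONE_WEEK}")
    return problems
```

`lint_shutdown(GOOD, "dnsbl.example.")` returns an empty list; the `BAD` sample is flagged for both the oversized TTL and the IP literal in the NS record.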