IPv6 Trashes RBL and Its Kin

John Levine explains Why DNS blacklists don't work for IPv6 networks.

The reason is the vastly larger IPv6 address space. IPv4 addresses are 32 bits long, allowing 4 billion addresses. That seems like (and is) a lot, but it's few enough that all the addresses will be handed out by sometime next year, and any given network has only a limited supply of them. This means that a single host usually has a single IPv4 address, or at most a few hundred addresses. IPv6 addresses are much longer, 128 bits long. They are so long that whereas in IPv4 an ISP usually allocates a single IP address to each customer, ISPs will probably allocate a /64 of IPv6 space to each customer, that is, a range of addresses 64 bits long. While there are sensible technical reasons to do this, it also has the unfortunate effect that a computer can switch to a new IP address each time it sends a new message, and never reuse an address. (As a rough approximation, if you sent a billion messages a second, each with its own address, it would take about a thousand years to use all the addresses in a /64.)
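To make the scale problem concrete, here is an added example (not from Levine's article or this post) that builds DNSBL lookup names the way RFC 5782 defines them: a per-address listing gives every address inside a customer /64 a different query name, while a listing keyed on the /64 prefix gives them all the same one. The zone name dnsbl.example and the addresses are constructed placeholders.

```python
import ipaddress

# Constructed placeholder zone; a real DNSBL would have its own zone name.
DNSBL_ZONE = "dnsbl.example"


def dnsbl_query_name(addr: str, zone: str = DNSBL_ZONE) -> str:
    """Build the per-address DNSBL lookup name.

    IPv4: reverse the dotted octets (RFC 5782 section 2.1).
    IPv6: reverse all 32 hex nibbles, one label each, like ip6.arpa
    (RFC 5782 section 2.4). A host rotating through its /64 therefore
    produces a fresh name for every message it sends.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        labels = str(ip).split(".")[::-1]
    else:
        labels = list(ip.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone


def dnsbl_prefix_query_name(addr: str, prefix_len: int = 64,
                            zone: str = DNSBL_ZONE) -> str:
    """Build a lookup name for the /prefix_len block containing addr.

    Listing at the customer allocation size (the /64 the post describes)
    keeps only prefix_len/4 leading nibbles, so every address the sender
    rotates through inside that block maps to one name.
    """
    net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
    nibbles = list(net.network_address.exploded.replace(":", ""))
    return ".".join(nibbles[: prefix_len // 4][::-1]) + "." + zone


def addresses_in_block(prefix_len: int = 64) -> int:
    """Distinct addresses a single host can burn through inside one block."""
    return 2 ** (128 - prefix_len)


if __name__ == "__main__":
    # Constructed sample: two addresses from the same customer /64.
    a, b = "2001:db8:1:2::1", "2001:db8:1:2:ffff::abcd"
    print(dnsbl_query_name(a) == dnsbl_query_name(b))                 # False
    print(dnsbl_prefix_query_name(a) == dnsbl_prefix_query_name(b))   # True
    print(addresses_in_block(64))                                     # 2**64
```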

He also has some suggestions for how to overcome the problem, but I'm skeptical about the workability of at least the first two of his ideas, which are whitelists or modifying DNSSEC to suit (it took forever to get the current version agreed).

Then again, who actually uses IPv6 for email anyway?
