(Almost nobody signs zones.) How is that any easier than just having an https://... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tptacek 2 days ago \| parent \| context \| favorite \| on: IPv6 traffic crosses the 50% mark (Almost nobody signs zones.) How is that any easier than just having an https:// URL from which you pull an (arbitrarily-formatted) list of IP addresses to block? Is the idea that you'd otherwise be able to do real-time DNS lookups on incoming IP addresses?

		help

azernik 21 hours ago [–]

Yes - delay SYNs until an authenticated reverse lookup confirmed the IP was owned by a trusted domain. With caching to reduce common-case latency, which would otherwise be intolerable.

tptacek 14 hours ago | [–]

Does this system exist somewhere?

azernik 37 minutes ago | | [–]

Absolutely not

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact