From: Florian Obser Subject: Re: unwind: support wildcard in blacklist To: Klemens Nanni Cc: OpenBSD tech Date: Sun, 25 Aug 2024 15:00:48 +0200 On 2024-08-24 11:25 UTC, Klemens Nanni wrote: > 06.07.2024 18:40, Kirill A. Korinsky пишет: >> Folks, >> >> Here a reminder about this diff. >> >> I'm using it for about two weeks and it jsut works. >> >> The diff changes symantic of blacklist into: >> >> type list file [log] > > block|pass list file [log] > This sounds like a solution in search of a problem. I don't know a world in which you can allow list a set of domains and expect things to work. Where do you get this list? Are you sending an email to HOSTSMASTER@SRI-NIC.ARPA? It also creates an incredible amount of churn, hiding the changes needed for substring matching. And there are changes in there that I don't understand. I'm also worried that we're now reversing (twice for some reason?) every qname. Is that cheap? I think the syntax of starting with a dot to mean any sub-label no matter how deep is the least worst option. -- In my defence, I have been left unsupervised.