

To: dnsop@cafax.se
From: Daniel Senie <dts@senie.com>
Date: Tue, 15 Aug 2000 10:08:49 -0400
Sender: owner-dnsop@cafax.se
Subject: Re: wrt: draft-ietf-dnsop-inaddr-required-00.txt

Lars-Johan Liman wrote:
> 
> randy@psg.com:
> > and many sites out there check before letting you web to them or
> > even accept mail from you.
> 
> Yes, sure, but is that A Good Thing (TM) or is it broken behaviour?

Not sure it matters. It's a wide-spread practice, easily implemented
with sendmail, and so it's a problem. For this working group, the
question is how to word a document strongly encouraging network
operators to provide inaddr mappings. There's a much greater likelihood
of getting network operators to fix their inaddr mappings than there is
of getting every mail server in the world to stop relying on such
mappings.



> Is the behaviour to check and verify reverse lookup something that we
> really want to encourage?

Ask it another way: if folks are doing this already, should we encourage
network operators to make sure inaddr at least functions properly so
that IT is not contributing to end user problems?

> Then why? There are lots of legal situations
> where the forward lookup mismatches the reverse lookup, and there is
> IMHO no real security to be gained from checking the reverse
> name. And, it adds to the general load of the Internet.

Yet we know SSHD does it, sendmail does it, and some web servers do it
too. These programs are going to make the inaddr lookups regardless.
We're not going to alter or encourage that by NOT publishing a BCP on
this subject. The BCP needs to point out that present use of this
information exists, not that we think it's a good idea.

Dan

-- 
-----------------------------------------------------------------
Daniel Senie                                        dts@senie.com
Amaranth Networks Inc.                    http://www.amaranth.com
