To: dnsop@cafax.se
From: Daniel Senie <dts@senie.com>
Date: Wed, 16 Aug 2000 10:04:52 -0400
Sender: owner-dnsop@cafax.se
Subject: Re: wrt: draft-ietf-dnsop-inaddr-required-00.txt

Shane Kerr wrote:
>
> > Nothing special w.r.t. reverse zones here. Companies do this with
> > forward zones all the time, s/ARIN/registrar/.
>
> Except that if my forward delegation doesn't work, nobody can come to
> my web pages. Even the CEO will notice that (well, after his secretary
> points it out to him). From the end user point of view, if forward
> delegation doesn't work, the host isn't on the Internet (whatever "the
> Internet" is).
>
> Given the severity of the problem, the solution is going to be quickly
> forthcoming. In the IN-ADDR.ARPA case, the solution may never come,
> which is what we're talking about here, I thought.

As this discussion progresses, I'd like to suggest the following:

We either work toward a BCP document which says:

1. IN-ADDR mappings are required, MUST be properly configured, and
explains why.

or

2. IN-ADDR mappings are entirely optional, MUST NOT be used for
authentication under any circumstances (i.e. not even if the IN-ADDR PTR
result is then looked up to verify), and explains why.

EITHER of these is an outcome I'd support. If there's no overriding
reasons identified as to why there MUST be a mapping, then perhaps it's
time to stop trying to get people to do them. If that is the ultimate
result of this draft, then we at least need the application developers
to know we don't think it'll ever be workable.

Right now, at least 15% of the end-user stations are not covered by
pointer records (data from some very active websites I host). This
covers dialups, corporate networks, DSL subnets, etc.

--
-----------------------------------------------------------------
Daniel Senie                                        dts@senie.com
Amaranth Networks Inc.                    http://www.amaranth.com