To: Robert Elz <kre@munnari.OZ.AU>
Cc: Alain Durand <Alain.Durand@sun.com>, ggm@apnic.net, dnsop@cafax.se
From: Shane Kerr <shane@ripe.net>
Date: Fri, 28 Jun 2002 11:58:41 +0200
Content-Disposition: inline
In-Reply-To: <13066.1025253146@munnari.OZ.AU>
Sender: owner-dnsop@cafax.se
User-Agent: Mutt/1.3.25i
Subject: Re: draft-durand-ngtrans-dns-issues-00.txt

On 2002-06-28 15:32:26 +0700, Robert Elz wrote:
> Date: Thu, 27 Jun 2002 17:28:40 -0700
> From: Alain Durand <Alain.Durand@sun.com>
> Message-ID: <FE914F7F-8A2D-11D6-AEEB-00039376A6AA@sun.com>
>
> | My draft suggests to use wildcard PTR records. Does it make
> | sense?
>
> No. While technically they're allowed, they make no sense to
> actually use. PTR records (for this purpose) are useful only if
> there's some way to verify them.

It's also not clear to me how a wildcard PTR is different from (or
better than) an NS record.

<snip/>

> Let's just trash the concept, make name->address a one way function,
> and be done with all of this (which includes how we manage to find
> names for 3041 addresses, just in case someone doesn't see that as a
> totally stupid question).

This is an interesting idea.

To be honest, I gave up on address to name mapping in IPv6 a while
ago. Doing it in a manner that is both sufficiently distributed and
secure seems like a very difficult problem, and the benefits are not
at all clear.

The problem as I see it is that IPv6 is so huge that it requires
automated processes to manage address space. This means either
running a DNS server at each level or allowing dynamic updates.
Either one requires strong trust relationships be established - which
is going to be a lot of work.

I agree with the proposal.

--
Shane
Not speaking on behalf of any other entity.