To: Shane Kerr <shane@ripe.net>
Cc: Robert Elz <kre@munnari.OZ.AU>, Alain Durand <Alain.Durand@sun.com>, ggm@apnic.net, dnsop@cafax.se
From: Jim Reid <Jim.Reid@nominum.com>
Date: Fri, 28 Jun 2002 03:55:40 -0700
In-Reply-To: Message from Shane Kerr <shane@ripe.net> of "Fri, 28 Jun 2002 11:58:41 +0200." <20020628095841.GF16776@x17.ripe.net>
Sender: owner-dnsop@cafax.se
Subject: Re: draft-durand-ngtrans-dns-issues-00.txt

>>>>> "Shane" == Shane Kerr <shane@ripe.net> writes:

    >> No.  While technically they're allowed, they make no sense to
    >> actually use.  PTR records (for this purpose) are useful only
    >> if there's some way to verify them.

    Shane> It's also not clear to me how a wildcard PTR is different
    Shane> from (or better than) a NS record.

Well, as someone already said, signing wildcard RRs can't be done
easily (if at all) with DNSSEC. "Here's a SIG record for the name that
you looked up even though that name doesn't exist and only matches a
wildcard." At least the NS record(s) and the delegation of the zone
they serve can be signed.
