

To: Jim Reid <Jim.Reid@nominum.com>
cc: Shane Kerr <shane@ripe.net>, Alain Durand <Alain.Durand@sun.com>, ggm@apnic.net, dnsop@cafax.se
From: Robert Elz <kre@munnari.OZ.AU>
Date: Fri, 28 Jun 2002 21:03:58 +0700
In-Reply-To: <44341.1025261740@shell.nominum.com>
Sender: owner-dnsop@cafax.se
Subject: Re: draft-durand-ngtrans-dns-issues-00.txt

    Date:        Fri, 28 Jun 2002 03:55:40 -0700
    From:        Jim Reid <Jim.Reid@nominum.com>
    Message-ID:  <44341.1025261740@shell.nominum.com>

  | Well as someone already said, signing wildcard RRs can't be done
  | easily (if at all) with DNSSEC.

Yes, but even if you're not requiring DNSSEC level of authentication,
just doing the "lookup the name and compare the A6 (maybe AAAA) records
with the address I started with" trick doesn't work with wildcard
PTR records.   It is almost possible to make it work with IPv4, by
simply giving the name in the wildcard PTR an RRSet that lists every
possible address.   I suspect that's not going to work real well with
IPv6...

kre
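
The forward-confirmation check described in the message above, as an added example that is not part of the original post: it resolves an address to a name through a wildcard PTR, looks the name up again, and compares the result with the starting address. The zone data is constructed; the prefixes, the names `dyn4.example.` and `dyn6.example.`, the use of AAAA rather than A6, and the simplified wildcard matching are all assumptions.

```python
import ipaddress

V4_NET, V6_NET = "192.0.2.0/24", "2001:db8::/64"  # documentation prefixes (assumed)

def wildcard_for(net):
    """Owner name of a wildcard PTR covering every address in net."""
    net = ipaddress.ip_network(net)
    labels = net.network_address.reverse_pointer.split(".")
    per_label = 8 if net.version == 4 else 4   # bits encoded by one reverse label
    host_labels = (net.max_prefixlen - net.prefixlen) // per_label
    return ".".join(["*"] + labels[host_labels:])

# Constructed zone data; dyn4.example. and dyn6.example. are hypothetical names.
PTR = {wildcard_for(V4_NET): "dyn4.example.", wildcard_for(V6_NET): "dyn6.example."}
FWD = {
    # IPv4: the wildcard target carries an A RRset listing all 256 addresses.
    "dyn4.example.": {str(a) for a in ipaddress.ip_network(V4_NET)},
    # IPv6: listing every address is not feasible, so only one AAAA is published.
    "dyn6.example.": {"2001:db8::1"},
}

def lookup_ptr(qname):
    """Exact match first, then the nearest enclosing wildcard (simplified matching)."""
    if qname in PTR:
        return PTR[qname]
    labels = qname.split(".")
    for i in range(1, len(labels)):
        target = PTR.get(".".join(["*"] + labels[i:]))
        if target:
            return target
    return None

def forward_confirmed(addr):
    """Return (name, ok): ok is True only if the name maps back to addr."""
    ip = ipaddress.ip_address(addr)
    name = lookup_ptr(ip.reverse_pointer)
    if name is None:
        return (None, False)
    return (name, str(ip) in FWD.get(name, set()))

def rrset_size_needed(net):
    """Records the wildcard target needs so that every address confirms."""
    return ipaddress.ip_network(net).num_addresses

if __name__ == "__main__":
    for a in ("192.0.2.77", "2001:db8::1", "2001:db8::abcd"):
        print(a, forward_confirmed(a))
    print(rrset_size_needed(V4_NET), rrset_size_needed(V6_NET))
```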

