To: Edward Warnicke <eaw@cisco.com>
cc: Robert Elz <kre@munnari.OZ.AU>, Kenneth Porter <shiva@sewingwitch.com>, <dnsop@cafax.se>
From: Pekka Savola <pekkas@netcore.fi>
Date: Sat, 1 Mar 2003 10:47:54 +0200 (EET)
In-Reply-To: <Pine.GSO.4.44.0302281109340.2050-100000@eaw-u5.cisco.com>
Sender: owner-dnsop@cafax.se
Subject: Re: Request for review of DNS related draft

On Fri, 28 Feb 2003, Edward Warnicke wrote:
> Could you be more specific about what security considerations
> you see?

Mainly revealing information to anyone that isn't accessible to anyone
except those in the local network at the moment. Dangerous.

> In terms of operational resistance to use, I'd expect it to be about on
> par with the use of rp and hinfo records. Organizations which find
> utility in having those records populated use them, organizations that
> don't see value don't use them. I've been in organizations which break
> both ways on hinfo and rp records. If an organization finds value in
> deploying this scheme, they will.

It's a question of applications. HINFO and RP are *very* rarely used.
They're just not useful (even dangerous) in the global Internet use.

On the other hand, in a very restricted network with local domain-names,
these (and some others, also) may be used.

> On Fri, 28 Feb 2003, Pekka Savola wrote:
>
> > On Fri, 28 Feb 2003, Robert Elz wrote:
> > [...]
> > > Why would my nodes care what the network that contains some random IP
> > > address might happen to be (or why would I ever care more than the
> > > routing tables will tell me) ?
> >
> > Being able to do something like this would have quite a few security
> > considerations, besides -- in addition to operational reluctance to take
> > it to use.
> >
> > Finding your *own* info could be useful, but you really need most of that
> > information before you can make the DNS query..

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                   kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.