

To: Paul Vixie <vixie@vix.com>
Cc: dnsop@cafax.se
From: George Michaelson <ggm@apnic.net>
Date: Thu, 20 Mar 2003 01:43:35 +1000
In-Reply-To: <g3he9zml9j.fsf@as.vix.com>
Sender: owner-dnsop@cafax.se
Subject: Re: Radical Surgery proposal: stop doing reverse for IPv6.

On 19 Mar 2003 15:25:12 +0000 Paul Vixie <vixie@vix.com> wrote:

> ggm@apnic.net (George Michaelson) writes:
> 
> > Radical Surgery proposal: stop doing reverse for IPv6.
> 
> i think this is the wrong approach.  at a minimum, folks want to be able
> to postprocess their transaction logs at the end of a day and still be
> able to do gethostbyaddr() even if many of the nodes that came to their
> web servers (or whatever) are by that time offline or unreachable.  

12pm midnight local time, every machine combines to do a DDOS on the DNS,
walking their logfiles. doesn't sound good to me. 

also sounds the kind of thing which could work better from some other process.
when I ran a large FTP mirrors logfile processing, I used router BGP dumps and
pre-compiled prefix/len maps to do this activity. It was 3 orders of magnitude
faster than DNS lookups and more reliable.

I think the granularity of lookup is different for different people.


> it's
> also extremely important for abuse tracking.  then there's the inability
> of network owners to enforce, should they choose, some kind of policy on
> gethostbyname(gethostbyaddr(x))==x or the converse.

the mapping can come from somewhere else. It's demonstrably broken for a
significant space of the deployed network. I question the importance.


> 
> the right approach, in my opinion, is either some kind of synthesis or a
> simple dns dynamic update rule allowing every host the authority to update
> its own PTR RR as long as it uses TCP and maybe SIG(0) or maybe not.

Sure. if you want to increase the value in the reverse, then the reverse has
an increased value, as a function of numbers AND of the innate value of any
one reverse.

but if it's optional, and untrustworthy, and currently incomplete and broken,
and breaking other services, it's worth questioning its value.

synthesis is interesting. if we're synthesizing, does that mean we're not
doing a top-down delegation model any more? or is this synthesis into
delegated spaces?  given how reverse works, it means a cable operator
has to either manage n * 255 spaces per 16 or one 65,000 host space to scale
this to their net. That might be ok, I don't know. But it doesn't look like it
would be completely straightforward to do for CIDR spaces.

-George

> -- 
> Paul Vixie
> #----------------------------------------------------------------------
> # To unsubscribe, send a message to <dnsop-request@cafax.se>.


-- 
George Michaelson       |  APNIC
Email: ggm@apnic.net    |  PO Box 2131 Milton QLD 4064
Phone: +61 7 3367 0490  |  Australia
  Fax: +61 7 3367 0482  |  http://www.apnic.net
#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.
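The log-processing approach George describes above (a pre-compiled prefix/len map built from a router BGP dump, consulted instead of a reverse DNS lookup per address) as an added example; this is not George's or APNIC's code, and the BGP dump, origin ASNs and access-log lines are constructed sample data.

```python
"""Offline address-to-prefix mapping for end-of-day log post-processing.

Added example, not from the original post. Instead of calling
gethostbyaddr() once per client address (and hammering the DNS at
midnight), the log walker does a longest-prefix match against a table
parsed from a BGP dump. All data below is constructed, not real routing
or traffic data.
"""
import ipaddress
import re
from collections import Counter

# Constructed stand-in for a BGP table dump: "prefix origin_asn" per line.
BGP_DUMP = """\
192.0.2.0/24 64500
198.51.100.0/24 64501
198.51.100.128/25 64502
2001:db8::/32 64510
2001:db8:1::/48 64511
"""

# Constructed access-log lines; the client address is the first field.
SAMPLE_LOG = [
    '192.0.2.44 - - [19/Mar/2003:23:59:58 +1000] "GET / HTTP/1.0" 200 512',
    '198.51.100.200 - - [19/Mar/2003:23:59:59 +1000] "GET /a HTTP/1.0" 200 77',
    '2001:db8:1::9 - - [20/Mar/2003:00:00:01 +1000] "GET /b HTTP/1.0" 304 0',
    '203.0.113.5 - - [20/Mar/2003:00:00:02 +1000] "GET /c HTTP/1.0" 404 13',
]

ADDR_RE = re.compile(r"^(\S+)")  # first whitespace-delimited field

def load_prefix_map(dump_text):
    """Parse the dump into a table ordered longest-prefix-first."""
    table = []
    for line in dump_text.splitlines():
        if line.strip():
            prefix, asn = line.split()
            table.append((ipaddress.ip_network(prefix, strict=False), int(asn)))
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table

def lookup(table, addr):
    """Longest-prefix match: (prefix, asn), or None if unrouted/unparseable."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    for net, asn in table:  # longest prefixes come first, so first hit wins
        if ip.version == net.version and ip in net:
            return str(net), asn
    return None

def summarise_log(table, log_lines):
    """Count log hits per origin ASN without a single DNS query."""
    counts = Counter()
    for line in log_lines:
        m = ADDR_RE.match(line)
        hit = lookup(table, m.group(1)) if m else None
        counts[hit[1] if hit else "unrouted"] += 1
    return counts
```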
