

To: George Michaelson <ggm@apnic.net>, Michael Richardson <mcr@sandelman.ottawa.on.ca>
cc: "dnsop@cafax.se" <dnsop@cafax.se>
From: Måns Nilsson <mansaxel@sunet.se>
Date: Wed, 19 Mar 2003 20:15:01 +0100
In-Reply-To: <20030320041837.069afd18.ggm@apnic.net>
Sender: owner-dnsop@cafax.se
Subject: Re: Radical Surgery proposal: stop doing reverse for IPv6.

--On Thursday, March 20, 2003 04:18:37 +1000 George Michaelson
<ggm@apnic.net> wrote:

> 
> Let me get this right. You are saying that inherently, because it's a
> top-down hierarchical model, various security models are using it to find
> the KEY to perform subsequent validation on the end-to-end trust.
> 
> So, for well behaved delegations, you assert it has real value for real
> work.
> 
> And this work (HIP, HIP6) is likely to have wider adoption in other WG as
> well (i.e. multihoming)
> 
> Is that it? Because if so, that needs much bigger prominence in the DNS
> activity, so we don't go on assuming nobody cares about this stuff. And,
> it is going to need to be put into other ops forums, that lack of reverse
> management is impeding other work. 

It IS impeding other work; basically because it is, as run today, at many
places grossly mismanaged. I agree that there are potential scaling
problems with registering all end devices, but as long as people invent
systems to do this (which they will, inband dynamic, secure or not,
$GENERATE ones or actually useful, not a matter for this forum, imho) we
should not discourage them from doing it. 

The reality is that regardless of the gaping holes in the reverse tree, the
parts where it works are happy to have them working. Traceroutes are the
primary example of applications benefiting from working reverse, but by no
means the only one. 

Paul Vixie wrote: 

> the right approach, in my opinion, is either some kind of synthesis or a
> simple dns dynamic update rule allowing every host the authority to update
> its own PTR RR as long as it uses TCP and maybe SIG(0) or maybe not.

I agree that this is probably the path forward for end nodes. 

To summarize: I benefit from reverse DNS and strongly object to any
document suggesting it is obsolete. 

-- 
Måns Nilsson            Systems Specialist
+46 70 681 7204         KTHNOC  MN1334-RIPE

We're sysadmins. To us, data is a protocol-overhead.
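
Added example, not part of the original message and not any name server's code: a sketch of the authorization rule in the quoted Paul Vixie suggestion, where an update is accepted only over TCP and only for the PTR owner name that the client's own source address maps to. The function names and the sample addresses (documentation prefixes) are assumptions, and SIG(0) validation is not modelled.

```python
import ipaddress


def reverse_name(addr: str) -> str:
    """Map an address to its in-addr.arpa / ip6.arpa owner name (absolute, lowercase)."""
    ip = ipaddress.ip_address(addr)
    # A dual-stack listener may report IPv4 peers as ::ffff:a.b.c.d;
    # unmap them so they land in in-addr.arpa, not ip6.arpa.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.reverse_pointer.lower() + "."


def normalize(name: str) -> str:
    """DNS names compare case-insensitively; force a single trailing dot."""
    return name.rstrip(".").lower() + "."


def may_update_ptr(transport: str, src_addr: str, owner_name: str, rr_type: str) -> bool:
    """Hypothetical policy check run by the server before applying a dynamic update."""
    # A UDP source address can be forged by an off-path sender; a completed
    # TCP handshake shows the client can receive traffic at that address.
    if transport.lower() != "tcp":
        return False
    # The rule grants authority over the host's own PTR RR and nothing else.
    if rr_type.upper() != "PTR":
        return False
    try:
        expected = reverse_name(src_addr)
    except ValueError:
        return False  # unparseable peer address: refuse
    return normalize(owner_name) == expected


if __name__ == "__main__":
    own = reverse_name("2001:db8::1")
    # Constructed sample update requests: (transport, source, owner name, type)
    requests = [
        ("tcp", "2001:db8::1", own, "PTR"),   # host updating its own PTR
        ("udp", "2001:db8::1", own, "PTR"),   # same name, spoofable transport
        ("tcp", "2001:db8::2", own, "PTR"),   # neighbour trying to claim ::1
        ("tcp", "2001:db8::1", own, "TXT"),   # own name, wrong record type
    ]
    for req in requests:
        print(req[0], req[1], req[3], "->", "ALLOW" if may_update_ptr(*req) else "REFUSE")
```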
