To: Brad Knowles <brad.knowles@skynet.be>
cc: Kevin Darcy <kcd@daimlerchrysler.com>, <dnsop@cafax.se>
From: Dean Anderson <dean@av8.com>
Date: Thu, 20 Mar 2003 21:22:51 -0500 (EST)
In-Reply-To: <a05200f2ebaa01c692690@[10.0.1.2]>
Sender: owner-dnsop@cafax.se
Subject: Re: [RETRANSMIT] Re: Radical Surgery proposal: stop doing reverse for IPv6.

Nothing would break with the removal of reverse DNS, as no one is relying
on it for anything. (Anyone who is relying on it, shouldn't be.)

--Dean

On Fri, 21 Mar 2003, Brad Knowles wrote:

> At 6:18 PM -0500 2003/03/20, Kevin Darcy wrote:
>
> >> You claim that reverse DNS causes harm. Can you provide evidence
> >> for this claim?
> >
> > The (un-Kerberized) versions of the "r-series" commands harm security
> > infrastructure, and reverse DNS enables them to function.
>
> So, we should break reverse DNS just so that r-commands don't
> work? Excuse me?!? Do you recommend killing the patient just so
> that you don't have to deal with their hangnail problem?!?
>
> I'm sorry, just because some morons choose to leave themselves
> open to the r-command problem is not sufficient justification for no
> longer doing reverse DNS. Fix that problem where it exists, namely
> within the set of commands that are enabled by default from the
> vendors, or by updating the "best security practices" documentation
> to suit.
>
> > Simplistic spam-catching techniques based exclusively on reverse lookups harm
> > intended mail recipients with their frequent false positives.
>
> See above. This would be like throwing out the whole planet with
> the bath water, not just the baby.
>
> --
> Brad Knowles, <brad.knowles@skynet.be>
>
> "They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety."
> -Benjamin Franklin, Historical Review of Pennsylvania.
>
> GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
> !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
> tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
>
> #----------------------------------------------------------------------
> # To unsubscribe, send a message to <dnsop-request@cafax.se>.
> #----------------------------------------------------------------------