

To: dnsop@cafax.se
From: Kevin Darcy <kcd@daimlerchrysler.com>
Date: Fri, 21 Mar 2003 12:44:19 -0500
In-Reply-To: <a05200f2ebaa01c692690@[10.0.1.2]>
Sender: owner-dnsop@cafax.se
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.3) Gecko/20030312
Subject: Re: [RETRANSMIT] Re: Radical Surgery proposal: stop doing reverse for IPv6.

Brad Knowles wrote:

> At 6:18 PM -0500 2003/03/20, Kevin Darcy wrote:
>
>>> You claim that reverse DNS causes harm.  Can you provide evidence
>>> for this claim?
>>
>>
>>  The (un-Kerberized) versions of the "r-series" commands harm security
>>  infrastructure, and reverse DNS enables them to function.
>
>
>     So, we should break reverse DNS just so that r-commands don't 
> work?  Excuse me?!?  Do you recommend killing the patient just so that 
> you don't have to deal with their hangnail problem?!?
>
>     I'm sorry, just because some morons choose to leave themselves 
> open to the r-command problem is not sufficient justification for no 
> longer doing reverse DNS.  

Not in and of itself, no, but our increased, multi-decade knowledge of 
the uses and abuses of reverse DNS does alter the original cost-benefit 
analysis's inputs, to the point where reverse DNS now seems like more 
pain than gain, at least with respect to end-nodes, and/or at least with 
respect to IPv6, which is going to increase the "pain" without any 
corresponding anticipated increase in "gain". So maybe it's time to let 
go of the old baggage and start anew.

                                                                         
                                             - Kevin



