To:
"'Kevin Darcy'" <kcd@daimlerchrysler.com>, <dnsop@cafax.se>
From:
"Jessica Little" <jessl@nic.mil>
Date:
Fri, 21 Mar 2003 13:59:05 -0500
Importance:
Normal
In-reply-to:
<3E7B4F73.4090102@daimlerchrysler.com>
Sender:
owner-dnsop@cafax.se
Subject:
RE: [RETRANSMIT] Re: Radical Surgery proposal: stop doingreverse for IPv6.
Pls ignore last response. It was unintentionally sent.
Thanks
-----Original Message-----
From: owner-dnsop@cafax.se [mailto:owner-dnsop@cafax.se] On Behalf Of Kevin
Darcy
Sent: Friday, March 21, 2003 12:44 PM
To: dnsop@cafax.se
Subject: Re: [RETRANSMIT] Re: Radical Surgery proposal: stop doingreverse
for IPv6.
Brad Knowles wrote:
> At 6:18 PM -0500 2003/03/20, Kevin Darcy wrote:
>
>>> You claim that reverse DNS causes harm. Can you provide
>>> evidence
>>> for this claim?
>>
>>
>> The (un-Kerberized) versions of the "r-series" commands harm security
>> infrastructure, and reverse DNS enables them to function.
>
>
> So, we should break reverse DNS just so that r-commands don't
> work? Excuse me?!? Do you recommend killing the patient just so that
> you don't have to deal with their hangnail problem?!?
>
> I'm sorry, just because some morons choose to leave themselves
> open to the r-command problem is not sufficient justification for no
> longer doing reverse DNS.
Not in and of itself, no, but our increased, multi-decade knowledge of
the uses and abuses of reverse DNS does alter the original cost-benefit
analysis'es inputs, to the point where reverse DNS now seems like more
pain than gain, at least with respect to end-nodes, and/or at least with
respect to IPv6, which is going to increase the "pain" without any
corresponding anticipated increase in "gain". So maybe it's time to let
go of the old baggage and start anew.
- Kevin
#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.
#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.