To: dnsop@cafax.se
From: Andras Salamon <andras@dns.net>
Date: Sun, 23 Mar 2003 11:26:20 +0200
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.44.0303221318530.9435-100000@commander.av8.net>
Sender: owner-dnsop@cafax.se
User-Agent: Mutt/1.4i
Subject: Re: [RETRANSMIT] Re: Radical Surgery proposal: stop doing reverse for IPv6.

On Sat, Mar 22, 2003 at 01:35:24PM -0500, Dean Anderson wrote:
> These issues have been addressed. There are no "important uses" that are
> appropriate for Reverse. ANY use of reverse beyond a convenience function
> is inappropriate, since those uses result in security vulnerabilities, or
> log vulnerabilities.

I agree that there are currently no appropriate uses for reverse DNS
that can't be addressed in other ways.

I disagree that because of this we should remove PTR records from the
DNS protocol (which seems to be what Dean is advocating). For all I
know, some people want to use PTR records -- that doesn't put any extra
burden on me to add those records to my zones, I could ignore them.
(Just like most people in DNSOP seem to be ignoring Dean's increasingly
strident calls to drop reverse DNS.)

Reverse DNS is a klunky way to add another index to a database that was
designed around a specific index/lookup mechanism tied to domain names
as keys. The reverse tree suffers from classic database brokenness, by
design, through duplication of existing data that not only is often out
of synch with existing data, but also has problems with the semantics of
multiple records matching a given key, e.g. {a,b,c}.example.com <-> IP1,
IP2, IP3.

This doesn't mean that it is invalid to want to index the database a
different way. If we add a mechanism to allow dynamic injection of
records into the reverse tree, the landscape changes. I would welcome
discussion of potentially useful uses of reverse DNS in this scenario.

-- Andras Salamon                   andras@dns.net
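
The duplication problem described in the message above, shown as an added example that is not part of the original post: a small audit that compares forward records with their copy in the reverse tree and reports where the two have drifted apart. The zone data is constructed, and the names `reverse_owner` and `audit` are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation prefixes); not taken from any real zone.
FORWARD = [  # (owner name, A/AAAA address)
    ("a.example.com.", "192.0.2.1"),
    ("b.example.com.", "192.0.2.1"),
    ("c.example.com.", "192.0.2.1"),
    ("a.example.com.", "192.0.2.2"),
    ("d.example.com.", "192.0.2.3"),
    ("d.example.com.", "2001:db8::1"),
]
REVERSE = [  # (reverse-tree owner, PTR target)
    ("1.2.0.192.in-addr.arpa.", "a.example.com."),
    ("2.2.0.192.in-addr.arpa.", "old.example.com."),
    ("4.2.0.192.in-addr.arpa.", "d.example.com."),
]

def reverse_owner(addr):
    """Map an IPv4/IPv6 address to its in-addr.arpa / ip6.arpa owner name."""
    return ipaddress.ip_address(addr).reverse_pointer + "."

def audit(forward, reverse):
    """Compare the forward data with its duplicate in the reverse tree."""
    names_at = defaultdict(set)   # reverse owner -> names whose address maps there
    for name, addr in forward:
        names_at[reverse_owner(addr)].add(name.lower())
    ptrs_at = defaultdict(set)    # reverse owner -> PTR targets published there
    for owner, target in reverse:
        ptrs_at[owner.lower()].add(target.lower())
    return {
        # forward records with no PTR pointing back at the same name
        "missing_ptr": sorted((n, o) for o, ns in names_at.items()
                              for n in ns if n not in ptrs_at.get(o, ())),
        # PTRs whose target has no forward record for that address
        "stale_ptr": sorted((o, t) for o, ts in ptrs_at.items()
                            for t in ts if t not in names_at.get(o, ())),
        # addresses where one key would need several answers
        "shared_address": {o: sorted(ns) for o, ns in names_at.items() if len(ns) > 1},
    }

if __name__ == "__main__":
    for kind, items in audit(FORWARD, REVERSE).items():
        print(kind, items)
```

The `shared_address` entry is the {a,b,c}.example.com case from the message: three names share one address, while the reverse tree publishes a PTR for only one of them.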