

To: dnsop@cafax.se
From: Andras Salamon <andras@dns.net>
Date: Sun, 23 Mar 2003 11:26:20 +0200
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.44.0303221318530.9435-100000@commander.av8.net>
Sender: owner-dnsop@cafax.se
User-Agent: Mutt/1.4i
Subject: Re: [RETRANSMIT] Re: Radical Surgery proposal: stop doing reverse for IPv6.

On Sat, Mar 22, 2003 at 01:35:24PM -0500, Dean Anderson wrote:
> These issues have been addressed.  There are no "important uses" that are
> appropriate for Reverse.  ANY use of reverse beyond a convenience function
> is inappropriate, since those uses result in security vulnerabilities, or
> log vulnerabilities.

I agree that there are currently no appropriate uses for reverse DNS
that can't be addressed in other ways.

I disagree that because of this we should remove PTR records from the
DNS protocol (which seems to be what Dean is advocating).  For all I
know, some people want to use PTR records -- that doesn't put any extra
burden on me to add those records to my zones, I could ignore them.
(Just like most people in DNSOP seem to be ignoring Dean's increasingly
strident calls to drop reverse DNS.)

Reverse DNS is a klunky way to add another index to a database that was
designed around a specific index/lookup mechanism tied to domain names
as keys.  The reverse tree suffers from classic database brokenness,
by design, through duplication of existing data that not only is often
out of synch with existing data, but also has problems with the semantics
of multiple records matching a given key, eg.
    {a,b,c}.example.com <-> IP1, IP2, IP3.
This doesn't mean that it is invalid to want to index the database a
different way.

If we add a mechanism to allow dynamic injection of records into the
reverse tree, the landscape changes.  I would welcome discussion of
potentially useful uses of reverse DNS in this scenario.

-- Andras Salamon                   andras@dns.net
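
The duplication problem described in the message above, as an added example that is not part of the original post: the reverse tree is treated as a second index over the same name/address pairs, and the two indexes are compared. The zone data, the host name d.example.com and the function names are constructed for illustration.

```python
# Constructed sample data: three names sharing three addresses, as in the
# message's {a,b,c}.example.com <-> IP1, IP2, IP3 case.
IPS = {"192.0.2.1", "192.0.2.2", "192.0.2.3"}
FORWARD = {  # forward index: name -> addresses (A records)
    "a.example.com": set(IPS),
    "b.example.com": set(IPS),
    "c.example.com": set(IPS),
}
REVERSE = {  # reverse index: address -> PTR targets, maintained separately
    "192.0.2.1": {"a.example.com"},
    "192.0.2.2": {"a.example.com", "b.example.com"},
    "192.0.2.3": {"d.example.com"},  # left behind after a rename
}


def audit(forward, reverse):
    """Compare the two indexes as sets of (name, address) pairs."""
    fwd_pairs = {(name, ip) for name, ips in forward.items() for ip in ips}
    rev_pairs = {(name, ip) for ip, names in reverse.items() for name in names}
    return {
        # A record exists but no PTR mirrors it.
        "missing_ptr": sorted(fwd_pairs - rev_pairs),
        # PTR exists but no A record backs it (out-of-sync duplicate).
        "stale_ptr": sorted(rev_pairs - fwd_pairs),
        # More than one PTR for a key: "the" name of the address is undefined.
        "ambiguous": sorted(ip for ip, names in reverse.items() if len(names) > 1),
    }


def forward_confirmed(ip, forward, reverse):
    """Names whose PTR for ip is backed by an A record pointing back at ip."""
    return sorted(n for n in reverse.get(ip, ()) if ip in forward.get(n, ()))


if __name__ == "__main__":
    for kind, items in audit(FORWARD, REVERSE).items():
        print(kind, items)
    for ip in sorted(REVERSE):
        print(ip, "->", forward_confirmed(ip, FORWARD, REVERSE))
```

A log or access decision that trusts the PTR answer alone would accept d.example.com for 192.0.2.3; only the forward-confirmed lookup rejects it.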