To: Andras Salamon <andras@dns.net>
cc: dnsop@cafax.se
From: Dean Anderson <dean@av8.com>
Date: Sun, 23 Mar 2003 15:33:40 -0500 (EST)
In-Reply-To: <20030323092620.GA10837@dns.net>
Sender: owner-dnsop@cafax.se
Subject: Re: [RETRANSMIT] Re: Radical Surgery proposal: stop doing reverse for IPv6.

On Sun, 23 Mar 2003, Andras Salamon wrote:

> On Sat, Mar 22, 2003 at 01:35:24PM -0500, Dean Anderson wrote:
> > These issues have been addressed. There are no "important uses" that are
> > appropriate for Reverse. ANY use of reverse beyond a convenience function
> > is inappropriate, since those uses result in security vulnerabilities, or
> > log vulnerabilities.
>
> I agree that there are currently no appropriate uses for reverse DNS
> that can't be addressed in other ways.
>
> I disagree that because of this we should remove PTR records from the
> DNS protocol (which seems to be what Dean is advocating). For all I

I am only advocating we drop Reverse from IPV6. With regard to IPv4, I am only advocating we make it deprecated, which will not affect any current users, except to put them on notice that they shouldn't be using reverse except for non-critical convenience functions, and that they should not expect this functionality in IPv6.

As far as being "increasingly strident", my language clearly hasn't been strident at all. I am not the one using the strident, ad hominem terms like "boorish and rude". Nor am I repeating exaggerated assertions such as "removing reverse will break DNS", or increasingly insistent demands that those of us advocating this `not talk about removing reverse until we have completely removed it from our servers'. Such statements have no value in a rational debate of issues. I have tried to avoid responding to them, and instead try to bring clarity to the arguments for our position on reverse DNS.

Where I have entertained the looping, it is for the purpose of demonstrating the unswerving and irrational insistence of those who harbor false assumptions on reverse DNS, and to demonstrate that as a harm, not merely from an administrative aspect, but also and probably more importantly, from a programming aspect.

Our position on Reverse is not motivated purely by the lack of utility of Reverse---Just the opposite. I find reverse to be convenient. Nor is it compelling that some administrators might abuse reverse. The most compelling harm, and the reason the WG should act, is the combination of the determination of believers that reverse DNS can be used for authentication, and the fact that programmers embed these assumptions into software, which is not easily changed by the end users. The WG should act to avert this problem.

Complications for doing reverse in IPV6 contribute to this argument, which makes it even more sensible to not do reverse in IPV6. Deprecation in IPV4, as I noted, puts users and implementors on notice about how Reverse should and should not be used, without actually removing that convenience from IPv4 networks.

--Dean