

To: dnsop@cafax.se
From: Måns Nilsson <mansaxel@sunet.se>
Date: Wed, 26 Mar 2003 18:03:29 +0100
In-Reply-To: <y7visu6sp7f.wl@ocean.jinmei.org>
Sender: owner-dnsop@cafax.se
Subject: Re: Radical Surgery proposal: stop doing reverse for IPv6.



--On Wednesday, March 26, 2003 13:53:56 +0900 "JINMEI Tatuya /
神明達哉" <jinmei@isl.rdc.toshiba.co.jp>
wrote:

>> Security usage of reverse ...
> 
> Can we all really agree on this point?  I know many people in this
> thread (regardless of their position about reverse mapping) said a
> similar point, but I still see those who believe in the "security
> benefit" of reverse mapping.

I think people confuse "security" with "order". For instance, several IRC
servers only let people in if forward and reverse match. This is just a
simple test, just to see if the client in some fuzzy way comes from "the
right side of the tracks". It does echo of "security", but it is really
just a matter of "order". The same goes for ftp servers. 

> Such approaches will include:
> 
> - wildcard reverse mapping for some upper zone
> - ICMPv6 node information queries

I think, to a certain extent, that these proposals are the result of the
approach "Now we have a new IP version. Let's change everything that has
annoyed us even a little bit, be it only from an æsthetic point of view"
which has shown itself in various places in discussions wrt IPv6.

I argue that while the number of available addresses will be perceived as
close to infinite when comparing v6 to v4, I find it hard to believe
that the number of hosts will increase 79228162514264337593543950336
(2^128 / 2^32) times as soon as we have v6 deployment. On the contrary, I
believe that it will be gradual, pretty much as it was for v4, though I
think it will be considerably faster.

Therefore, the present techniques will be adaptable to v6, and with
increasing automation (dhcp/dns interaction, dynamic updates,
autogeneration based on arp tables, and the old-fashioned
$EDITOR-in-zonefile), what have you, will be sufficient until we know (as
opposed to guessing) what number of hosts will be typically deployed.

IPv6 is not magic, it is just more address space. When will people
understand? 

-- 
Måns Nilsson            Systems Specialist
+46 70 681 7204         KTHNOC  MN1334-RIPE

We're sysadmins. To us, data is a protocol-overhead.
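The forward/reverse match that the post above describes (the IRC and ftp server check), written out as an added example that is not code from the thread: it builds the in-addr.arpa or ip6.arpa owner name for the client address, follows the PTR, and checks that the returned name resolves back to that address. The zone tables, hostnames and addresses are constructed for the example; a real check would call the resolver instead of these dictionaries.

```python
import ipaddress

# Constructed sample zones standing in for a resolver (not real hosts).
# Keys are reverse owner names; the IPv6 key is all 32 nibbles reversed.
PTR_RECORDS = {
    "4.3.2.1.in-addr.arpa.": "host-a.example.net.",
    "5.3.2.1.in-addr.arpa.": "bogus.example.org.",
    "1" + ".0" * 23 + ".8.b.d.0.1.0.0.2.ip6.arpa.": "host-b.example.net.",
}
FORWARD_RECORDS = {
    "host-a.example.net.": {"1.2.3.4"},
    "host-b.example.net.": {"2001:db8::1"},
    # PTR target that does not point back: the mismatch case
    "bogus.example.org.": {"198.51.100.9"},
}


def reverse_name(ip: str) -> str:
    """Owner name queried for the PTR: the dotted quad reversed under
    in-addr.arpa, or all 32 hex nibbles reversed under ip6.arpa."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
    nibbles = addr.exploded.replace(":", "")  # 32 hex digits, zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def ptr_lookup(name):
    """Stand-in for a PTR query against the constructed reverse zone."""
    return PTR_RECORDS.get(name)


def addr_lookup(name):
    """Stand-in for A/AAAA queries against the constructed forward zone."""
    return FORWARD_RECORDS.get(name, set())


def forward_confirmed(ip, ptr=ptr_lookup, addrs=addr_lookup):
    """Return (ptr_name, matched). matched is True only when the PTR
    target resolves back to the connecting address."""
    name = ptr(reverse_name(ip))
    if name is None:
        return None, False
    wanted = ipaddress.ip_address(ip)
    matched = any(ipaddress.ip_address(a) == wanted for a in addrs(name))
    return name, matched
```

A match proves only that whoever controls the reverse zone for the address also controls the forward name it points to, which is the "order" rather than "security" distinction made above. Treat the result as a sorting rule for connections, not as authentication of the client.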
