To: dnsop@cafax.se
From: Paul Vixie <vixie@vix.com>
Date: 26 Mar 2003 21:13:36 +0000
In-Reply-To: <y7visu6sp7f.wl@ocean.jinmei.org>
Sender: owner-dnsop@cafax.se
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2
Subject: Re: Radical Surgery proposal: stop doing reverse for IPv6.

jinmei@isl.rdc.toshiba.co.jp (JINMEI Tatuya / 神明達哉) writes:

> > Security usage of reverse is so absurd (given that DNSSEC will not help
> > if someone tries to put another domain as RDATA in PTR records) that it
> > is irrelevant.
>
> Can we all really agree on this point? I know many people in this
> thread (regardless of their position about reverse mapping) said a
> similar point, but I still see those who believe in the "security
> benefit" of reverse mapping.

"security" is a broad term. if you mean "use it for authorization" or
"use it for authentication" then no, the contents of a PTR RR are not
useful for security, or even relevant to security.

if however you want to know what the network's owner thinks a host is
called, and you're going to use this to prevent or detect or follow up
on certain kinds of errors, or if you want to be able to find some kind
of hostname hint even if the host is offline or refusing to give out
such hints, and if you think that any of those things are related to
"security", then a PTR RR has security uses.

--
Paul Vixie