To: Paul Vixie <vixie@vix.com>
Cc: dnsop@cafax.se
From: Tom Limoncelli <tal@lumeta.com>
Date: Thu, 27 Mar 2003 08:12:11 -0500
In-Reply-To: <g3he9psuf3.fsf@as.vix.com>
Sender: owner-dnsop@cafax.se
Subject: Re: Radical Surgery proposal: stop doing reverse for IPv6.

On Wednesday, March 26, 2003, at 04:13 PM, Paul Vixie wrote:

> "security" is a broad term. if you mean "use it for authorization" or "use
> it for authentication" then no, the contents of a PTR RR are not useful for
> security, or even relevant to security. if however you want to know what
> the network's owner thinks a host is called, and you're going to use this to
> prevent or detect or follow up on certain kinds of errors, or if you want to
> be able to find some kind of hostname hint even if the host is offline or
> refusing to give out such hints, and if you think that any of those things
> are related to "security", then a PTR RR has security uses.

I agree. Also...

There are many non-security purposes that go under the category of
"operations". For example, the first step to fixing a routing issue is
usually doing a traceroute between the affected networks. Seeing the names
of the intervening routers is a big part of the "detective work" that is
done before one can determine the fix.

There are many non-security examples.

Add this to Vixie's list of examples: It's very nice to be able to look up
an IP address of a machine that I can't actually access due to a firewall.
Having reverse lookups being handled by a machine other than the actual
machine itself is very powerful.

I do think that IPv6 will mean the end of flat-files for DNS databases, but
that just seems to be how things progress in life. All systems grow in
complexity until they require an SQL back-end. :-)

--tal

#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.