

To: "Loomis, Rip" <GILBERT.R.LOOMIS@saic.com>
cc: Daniel Senie <dts@senie.com>, <dnsop@cafax.se>
From: Dean Anderson <dean@av8.com>
Date: Mon, 7 Apr 2003 16:24:29 -0400 (EDT)
In-Reply-To: <4E25ECBBC03F874CBAD03399254ADFDE104B1B@US-Columbia-CIST.mail.saic.com>
Sender: owner-dnsop@cafax.se
Subject: RE: I-D ACTION:draft-ietf-dnsop-inaddr-required-04.txt


On Mon, 7 Apr 2003, Loomis, Rip wrote:

> I know that this draft has been discussed a lot already
> and that Dean has strongly held convictions, but I can't
> just let some of Dean's statements go by without comment.

My views are neither "convictions", nor "strongly held". They just happen
to be logically correct. The "strongly held convictions" are those that
refuse to accept logical arguments and the consequences of deduction.

> Dean replied:
> > Then it should include a statement to the effect of:
> >
> > ------------
> > IN-ADDR should not be used for any logging, auditing, identification,
> > authentication, or authorization purpose.  Its sole purpose is for
> > the convenience of such applications as traceroute.
>
> No, no, no, no, no.  Your statement above is not accurate.
> I agree that it is rarely useful to log IN-ADDR information by itself
> without the IP address--in fact, it's a Bad Idea and the IETF almost

Actually, it is still quite common to find logs without IP addresses.
There are still a number of unix implementations that have syslogs and
wtmps that don't have anything but the in-addr response (and only 64
bytes of that).  For example, Linux stores the in-addr for IPv4, and the
IP address for IPv6.

However, I am not saying it is inappropriate to store in-addr as secondary
information. I am saying it is inappropriate to use in-addr as the primary
information.  Those are different things.

Far too many people hold misconceptions about the proper use of in-addr:

> certainly should clearly recommend against logging of IN-ADDR without
> the associated IP.  However, it *can* be useful to record both the
> IP address and corresponding PTR lookup information, where
> such information is available.  The PTR information can't always be
> relied upon by itself, but since it can change over time it does

You seem to miss the point: PTR information can _never_ be relied on by
itself.  There is no case where it can be relied on. It is silly to keep
repeating this point.

> represent information that is either logged or lost.

> Is it your assertion that the PTR information, if logged along with the
> IP address, can *never* be relied upon in any way by a competent
> administrator or investigator?

Yes.  Only the IP address can be relied on.  If you have the IP address,
you don't need the IN-ADDR.  If you don't have the IP address, the IN-ADDR
can't be trusted. Without the IP address, you have nothing.

> More importantly:
> It is *entirely* proper for a large ISP (or in fact any company)
> to populate the reverse lookup tree with information such as
>
> xx.129.203.24.in-addr.arpa  PTR  \
>    modemcable0xx.129-203-24.que.mc.videotron.ca [0]
>
> and it is *entirely* appropriate for me to be able to choose to
> use that information as one factor in deciding how to handle
> incoming connection attempts from that IP address.

It is _entirely_ up to the ISP to decide whether or not to do that. If
they don't do that, then that case is _also_ entirely proper.

_YOU_ can do whatever you want to. Just don't expect the rest of us to
change our IN-ADDR zones to suit your misguided and illogical convictions.

		--Dean
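An added example, not code from the thread, the draft, or any named implementation, of logging the way the message above describes: the IP address is the primary field and the PTR is kept only as secondary information. The resolver tables are constructed stand-ins so it runs offline, and the forward-confirmation flag is an extra check included here, not something the thread proposes.

```python
import ipaddress
from typing import Dict, List, Optional

# Constructed stand-ins for DNS (assumption: no network access is used).
# Reverse table: address -> PTR target; forward table: name -> A records.
PTR_TABLE: Dict[str, str] = {
    "192.0.2.10": "modemcable010.2-0-192.isp.example",  # ISP-style PTR matching forward DNS
    "192.0.2.20": "mail.bank.example",                  # whoever controls the in-addr zone chose this
}
A_TABLE: Dict[str, List[str]] = {
    "modemcable010.2-0-192.isp.example": ["192.0.2.10"],
    "mail.bank.example": ["203.0.113.5"],               # the real host is elsewhere
}

def reverse_name(ip: str) -> str:
    """The in-addr.arpa (or ip6.arpa) name a PTR lookup for ip asks for."""
    return ipaddress.ip_address(ip).reverse_pointer

def lookup_ptr(ip: str) -> Optional[str]:
    return PTR_TABLE.get(ip)

def lookup_a(name: str) -> List[str]:
    return A_TABLE.get(name, [])

def log_record(ip: str) -> dict:
    """Log entry with the IP as the primary field and the PTR as secondary.
    ptr_forward_confirmed is True only when the PTR target's forward records
    include ip; an unconfirmed PTR is kept for convenience but must not be
    used for identification or authorization."""
    ptr = lookup_ptr(ip)
    confirmed = ptr is not None and ip in lookup_a(ptr)
    return {"ip": ip, "in_addr": reverse_name(ip), "ptr": ptr,
            "ptr_forward_confirmed": confirmed}

def format_line(record: dict, host_field_bytes: int = 64) -> str:
    """Syslog-style line. The PTR is truncated to host_field_bytes, as the
    thread says some wtmp/syslog implementations do, but the IP survives
    intact because it is stored as its own field."""
    ptr = (record["ptr"] or "-")[:host_field_bytes]
    flag = "confirmed" if record["ptr_forward_confirmed"] else "unconfirmed"
    return f'src_ip={record["ip"]} ptr={ptr} ptr_check={flag}'

if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(format_line(log_record(addr)))
```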
