To: dnsop@cafax.se
From: Kevin Darcy <kcd@daimlerchrysler.com>
Date: Thu, 10 Apr 2003 18:13:01 -0400
Sender: owner-dnsop@cafax.se
Subject: Re: I-D ACTION:draft-ietf-dnsop-inaddr-required-04.txt

The draft is a bad draft. First of all, from a strictly editorial standpoint, there is much language in it which appears on the surface to be normative, but it is far from clear whether it is intended as such. I am referring to the lowercase "must"s and the "are permitted" language.

But, more fundamentally, the draft basically comes off as saying "it's a bad idea to rely on X, but you have to (or _should_, see my above comment about pseudo-normative language) do X anyway", where X is, of course, "maintain reverse records". What's the point of this? Either it's a bad idea to use reverse records, for security/auditing/logging purposes, or it is not. If it's a bad idea, we shouldn't be recommending that the practice be continued. If it's *not* a bad idea, then it should be explained not only why it's a good idea, but specifically how the benefits outweigh the costs (false positives, etc.) of doing it.

- Kevin

Internet-Drafts@ietf.org wrote:

> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Domain Name System Operations Working Group of the IETF.
>
> Title : Requiring DNS IN-ADDR Mapping
> Author(s) : D. Senie
> Filename : draft-ietf-dnsop-inaddr-required-04.txt
> Pages : 5
> Date : 2003-3-28
>
> Mapping of addresses to names has been a feature of DNS. Many sites,
> implement it, many others don't. Some applications attempt to use it
> as a part of a security strategy. The goal of this document is to
> encourage proper deployment of address to name mappings, and provide
> guidance for their use.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-dnsop-inaddr-required-04.txt
>
> To remove yourself from the IETF Announcement list, send a message to
> ietf-announce-request with the word unsubscribe in the body of the message.
>
> Internet-Drafts are also available by anonymous FTP. Login with the username
> "anonymous" and a password of your e-mail address. After logging in,
> type "cd internet-drafts" and then
> "get draft-ietf-dnsop-inaddr-required-04.txt".
>
> A list of Internet-Drafts directories can be found in
> http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
> Internet-Drafts can also be obtained by e-mail.
>
> Send a message to:
> mailserv@ietf.org.
> In the body type:
> "FILE /internet-drafts/draft-ietf-dnsop-inaddr-required-04.txt".
>
> NOTE: The mail server at ietf.org can return the document in
> MIME-encoded form by using the "mpack" utility. To use this
> feature, insert the command "ENCODING mime" before the "FILE"
> command. To decode the response(s), you will need "munpack" or
> a MIME-compliant mail reader. Different MIME-compliant mail readers
> exhibit different behavior, especially when dealing with
> "multipart" MIME messages (i.e. documents which have been split
> up into multiple messages), so check your local documentation on
> how to manipulate these messages.
>
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
>
> ------------------------------------------------------------------------
> Content-Type: text/plain
> Content-ID: <2003-3-28142222.I-D@ietf.org>

#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.