To:
Brad Knowles <brad.knowles@skynet.be>
cc:
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>, Jun-ichiro itojun Hagino <itojun@iijlab.net>, Pekka Savola <pekkas@netcore.fi>, dnsop@cafax.se
From:
Robert Elz <kre@munnari.OZ.AU>
Date:
Fri, 22 Nov 2002 20:40:05 +1100
In-Reply-To:
<a05200f11ba03a0798758@[192.168.0.3]>
Sender:
owner-dnsop@cafax.se
Subject:
Re: comments on dnsop-ipv6-dns-issues-00
Date: Fri, 22 Nov 2002 09:56:45 +0100 From: Brad Knowles <brad.knowles@skynet.be> Message-ID: <a05200f11ba03a0798758@[192.168.0.3]> | Do we have cryptographic evidence for this assumption? Cryptographic evidence ? But no, I haven't tried to measure it, but it is something that could be measured. I'm not sure it is important enough to bother with though. | Or are we just assuming that since we received a packet from a particular IP | address that this claimed source must actually be alive? No, of course not. I'm assuming that most of the time it will be alive (for genuine packets anyway, for spoofed packets, any kind of address->name lookup is clearly a waste of time anyway). But it isn't whether it is alive that mattered, Otha-san's point was that it isn't necessarily possible to get packets back to it, just because it can get packets to you - which is certainly true. My point was that that it is (I suspect) less likely to be able to get packets to its in-addr.arpa DNS server, than the host itself. If the host is sending many packets then (spoofing and hacking aside) it is almost certainly getting replies - or it would soon give up on sending. Its in-addr.arpa server might be anywhere (even if reachable, it may not be correctly configured). | Still, I think we need to provide some sort of reverse mechanism. Why? While I have no objections with allowing people to provide names for hosts on their networks, one way or another, if they desire to, I can't think of any particularly good reason why anyone would actually want to (the best one is perhaps "because, it has always been done". I certainly don't believe that anyone should be expecting to be able to take someone else's address and translate it into a name. kre #---------------------------------------------------------------------- # To unsubscribe, send a message to <dnsop-request@cafax.se>.